Skip to content

Commit 3449b63

Browse files
filariowfilariow
authored
set Prune=false on core ClusterPolicies in stg (#8131)
Deleting these policies can cause security problems. After this change is merged, to remove these policies, either a manual intervention or an extra step to remove the annotation is required. Signed-off-by: Francesco Ilario <[email protected]>
1 parent f5d71f7 commit 3449b63

File tree

2 files changed

+4
-0
lines changed

2 files changed

+4
-0
lines changed

components/policies/development/konflux-rbac/kustomization.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,3 +5,5 @@ resources:
55
- restrict-binding-system-authenticated/
66
- restrict-binding-system-authenticated-releng/
77
- validate-rolebindings/
8+
commonAnnotations:
9+
argocd.argoproj.io/sync-options: Prune=false

components/policies/development/namespace-lister/deny-virtual-domain/kustomization.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,3 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
22
kind: Kustomization
33
resources:
44
- deny-virtual-domain.yaml
5+
commonAnnotations:
6+
argocd.argoproj.io/sync-options: Prune=false

0 commit comments

Comments
 (0)