# Rossum - Kyverno policy demo

This example assumes existing, preconfigured access to the Kubernetes API server.

Provide environment variables in the working directory as defined in `.envrc.example`.

The `anydatacenter` directory represents a theoretical structure where the cluster would be located.

## Root modules

- `anydatacenter/10-devops` is a Terraform root module providing prerequisites for Kubernetes resources
- `anydatacenter/30-policy-demo` is a root module with deployments and policies to demonstrate automated topology spread of k8s pods

The root modules are split because of a chicken-or-egg dilemma with Kubernetes manifests and CRDs. Because the kubernetes provider validates manifests against CRDs during the planning phase, it is not possible to do a single apply in which CRDs are installed and manifests are produced against those CRDs. The other solution would be the kubectl provider, which is more error prone (opinionated statement), so using the kubernetes provider is preferred. This requires either a multi-apply approach (frowned upon!) or splitting root modules and applying one after another.

## Policies

Policies are deliberately limited to the `rossum` namespace.

## Tests

Kyverno tests are defined in the policy root module at [./anydatacenter/30-policy-demo/kyvernoPolicies/tests](./anydatacenter/30-policy-demo/kyvernoPolicies/tests).

Execute with nix and devenv:

```sh
tests
```

Execute with the kyverno CLI:

```sh
kyverno test ./anydatacenter/30-policy-demo
```
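
The split described under "Root modules", shown as an added Terraform example that is not this repository's own code: the first root module installs the Kyverno CRDs, and the second plans a namespaced policy against them. Resource names, the policy and rule names, the `app = "demo"` label and the chart settings are assumptions; provider configuration and the `rossum` namespace are assumed to exist already.

```hcl
# --- anydatacenter/10-devops/main.tf (apply first) ---
# Installs Kyverno and its CRDs, so the API server knows the Policy kind.
resource "helm_release" "kyverno" {
  name             = "kyverno"
  namespace        = "kyverno"
  create_namespace = true
  repository       = "https://kyverno.github.io/kyverno/"
  chart            = "kyverno"
}

# --- anydatacenter/30-policy-demo/main.tf (apply second) ---
# kubernetes_manifest looks up the Policy schema from the cluster during
# `terraform plan`, which fails unless the CRDs above already exist.
resource "kubernetes_manifest" "spread_pods" {
  manifest = {
    apiVersion = "kyverno.io/v1"
    kind       = "Policy" # namespaced kind, so it only affects `rossum`
    metadata = {
      name      = "spread-pods" # hypothetical name
      namespace = "rossum"
    }
    spec = {
      rules = [{
        name  = "add-topology-spread" # hypothetical name
        match = { any = [{ resources = { kinds = ["Deployment"] } }] }
        mutate = {
          patchStrategicMerge = {
            spec = { template = { spec = {
              # "+( )" anchor: add only when the Deployment sets none itself
              "+(topologySpreadConstraints)" = [{
                maxSkew           = 1
                topologyKey       = "kubernetes.io/hostname"
                whenUnsatisfiable = "ScheduleAnyway"
                labelSelector     = { matchLabels = { app = "demo" } } # constructed label
              }]
            } } }
          }
        }
      }]
    }
  }
}
```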