diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 000000000..a1af4606f
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,33 @@
+name: CI
+on:
+ pull_request:
+ branches: [main]
+ merge_group:
+
+permissions:
+ contents: read
+
+jobs:
+ test:
+ if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
+ runs-on: ubuntu-latest
+ environment: ci
+ steps:
+ - name: ๐Ÿ“‘ Checkout
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+
+ - name: ๐Ÿงช System Test
+ uses: devantler-tech/ksail/.github/actions/ksail-cluster@e8af568986b21cb6e1ed1b3be92ff9c8c3612363 # v5.74.3
+ with:
+ distribution: Talos
+ provider: Docker
+ init: "false"
+ validate: "true"
+ sops-age-key: ${{ secrets.SOPS_AGE_KEY }}
+ hosts-file: ${{ vars.HOSTS_FILE }}
+ root-ca-cert-file: ${{ vars.ROOT_CA_CERT_FILE }}
+ push: "true"
+ reconcile: "true"
+ delete: "true"
diff --git a/.policyignore b/.policyignore
index 4ab3f1eaa..4330818c6 100644
--- a/.policyignore
+++ b/.policyignore
@@ -12,6 +12,7 @@ castai*
 cert-manager*
 cleanup*
 consul*
+cost-optimization*
 external-secret-operator*
 flux-cel*
 flux*
diff --git a/k8s/bases/infrastructure/cluster-policies/samples/cost-optimization/schedule-based-quotas/schedule-based-quotas.yaml b/k8s/bases/infrastructure/cluster-policies/samples/cost-optimization/schedule-based-quotas/schedule-based-quotas.yaml
deleted file mode 100644
index ea7d2acec..000000000
--- a/k8s/bases/infrastructure/cluster-policies/samples/cost-optimization/schedule-based-quotas/schedule-based-quotas.yaml
+++ /dev/null
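Review bot: The `if:` on the `test` job in `.github/workflows/ci.yaml` only passes for `pull_request` events, so every run started by the `merge_group:` trigger skips its single job, and GitHub reports a job skipped by a conditional as successful. If `test` is a required check (not visible here), merge-queue entries and fork pull requests would satisfy it without the system test ever running. If the queue is meant to be the gate, let the job run there, e.g. `if: github.event_name == 'merge_group' || github.event.pull_request.head.repo.full_name == github.repository`; that run would use `secrets.SOPS_AGE_KEY` from the `ci` environment against queued content, so the queue should only be reachable after review. Otherwise drop `merge_group:` and add a comment above the `if:` stating that fork PRs are skipped on purpose to keep the key away from untrusted code.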
@@ -1,42 +0,0 @@
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
- name: schedule-based-quotas
- annotations:
- policies.kyverno.io/title: Schedule-based Resource Quotas
- policies.kyverno.io/category: Resource Management
- policies.kyverno.io/severity: medium
- policies.kyverno.io/subject: ResourceQuota, Namespace
- policies.kyverno.io/description: >-
- Automatically adjusts resource quotas based on time schedules to optimize cloud costs.
- During non-business hours, the policy reduces resource quotas to prevent overprovisioning
- while ensuring essential services remain operational.
- kyverno.io/kyverno-version: 1.11.0
- policies.kyverno.io/minversion: 1.11.0
- kyverno.io/kubernetes-version: "1.23-1.28"
-spec:
- background: true
- rules:
- - name: update-quotas-by-schedule
- match:
- any:
- - resources:
- kinds:
- - ResourceQuota
- context:
- - name: mockTime
- configMap:
- name: time-mock
- namespace: default
- key: time
- - name: currentTime
- variable: >-
- {{ mockTime || time.Now() | time.ParseInLocation('America/Los_Angeles') }}
- - name: isBusinessHours
- variable: currentTime.Hour() >= 9 && currentTime.Hour() < 17 && (currentTime.Weekday() >= 1 && currentTime.Weekday() <= 5)
- mutate:
- patchStrategicMerge:
- spec:
- hard:
- cpu: "{{ isBusinessHours ? '20' : '10' }}"
- memory: "{{ isBusinessHours ? '40Gi' : '20Gi' }}"