\u062a\u0639\u0645\u0644 \u0623\u0646\u0627\u0628\u064a\u0628 CI\/CD \u0627\u0644\u062d\u062f\u064a\u062b\u0629 \u0628\u0633\u0631\u0639\u0629 \u0643\u0628\u064a\u0631\u0629. \u062a\u064f\u0646\u0641\u0651\u0630 \u0627\u0644\u0641\u0631\u0642 \u0639\u0634\u0631\u0627\u062a \u2014 \u0648\u0623\u062d\u064a\u0627\u0646\u0627\u064b \u0645\u0626\u0627\u062a \u2014 \u0639\u0645\u0644\u064a\u0627\u062a \u0627\u0644\u0646\u0634\u0631 \u064a\u0648\u0645\u064a\u0627\u064b\u060c \u0648\u0643\u0644 \u0639\u0645\u0644\u064a\u0629 \u0646\u0634\u0631 \u062a\u062d\u0645\u0644 \u0642\u0631\u0627\u0631\u0627\u062a \u062a\u0647\u064a\u0626\u0629 \u062a\u0624\u062b\u0631 \u0639\u0644\u0649 \u0627\u0644\u0623\u0645\u0627\u0646 \u0648\u0627\u0644\u0627\u0645\u062a\u062b\u0627\u0644 \u0648\u0627\u0644\u0627\u0633\u062a\u0642\u0631\u0627\u0631 \u0627\u0644\u062a\u0634\u063a\u064a\u0644\u064a. \u064a\u0645\u0643\u0646 \u0644\u0645\u0644\u0641 Kubernetes manifest \u0648\u0627\u062d\u062f \u062e\u0627\u0637\u0626 \u0627\u0644\u062a\u0647\u064a\u0626\u0629\u060c \u0623\u0648 \u062f\u0648\u0631 IAM \u0645\u0641\u0631\u0637 \u0627\u0644\u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0641\u064a Terraform\u060c \u0623\u0648 \u0635\u0648\u0631\u0629 \u062d\u0627\u0648\u064a\u0629 \u0645\u0633\u062d\u0648\u0628\u0629 \u0645\u0646 \u0633\u062c\u0644 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642 \u0623\u0646 \u064a\u0643\u0634\u0641 \u0628\u0646\u064a\u062a\u0643 \u0627\u0644\u062a\u062d\u062a\u064a\u0629 \u0628\u0627\u0644\u0643\u0627\u0645\u0644.<\/p>\n
\u0644\u0627 \u062a\u0633\u062a\u0637\u064a\u0639 \u0645\u0631\u0627\u062c\u0639\u0627\u062a \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u064a\u062f\u0648\u064a\u0629 \u0645\u0648\u0627\u0643\u0628\u0629 \u0647\u0630\u0647 \u0627\u0644\u0648\u062a\u064a\u0631\u0629. \u062d\u062a\u0649 \u0623\u0643\u062b\u0631 \u0645\u0647\u0646\u062f\u0633\u064a \u0627\u0644\u0623\u0645\u0627\u0646 \u062d\u0631\u0635\u0627\u064b \u0633\u064a\u0641\u0648\u062a\u0647 \u0628\u0639\u0636 \u0627\u0644\u0623\u0645\u0648\u0631 \u0639\u0646\u062f \u0645\u0631\u0627\u062c\u0639\u0629 \u0645\u0626\u0627\u062a \u0637\u0644\u0628\u0627\u062a \u0627\u0644\u0633\u062d\u0628 \u0623\u0633\u0628\u0648\u0639\u064a\u0627\u064b. \u0647\u0646\u0627 \u064a\u0623\u062a\u064a \u062f\u0648\u0631 \u0645\u062d\u0631\u0643\u0627\u062a \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a<\/strong>: \u0623\u062f\u0648\u0627\u062a \u0622\u0644\u064a\u0629 \u062a\u064f\u0642\u064a\u0651\u0645 \u0627\u0644\u0628\u0646\u064a\u0629 \u0627\u0644\u062a\u062d\u062a\u064a\u0629 \u0643\u0643\u0648\u062f\u060c \u0648\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0646\u0634\u0631\u060c \u0648\u062a\u0647\u064a\u0626\u0627\u062a \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0648\u0641\u0642\u0627\u064b \u0644\u0645\u062c\u0645\u0648\u0639\u0629 \u062a\u0635\u0631\u064a\u062d\u064a\u0629 \u0645\u0646 \u0627\u0644\u0642\u0648\u0627\u0639\u062f \u2014 \u0648\u062a\u0645\u0646\u0639 \u0627\u0644\u0645\u062e\u0627\u0644\u0641\u0627\u062a \u0642\u0628\u0644 \u0623\u0646 \u062a\u0635\u0644 \u0625\u0644\u0649 \u0628\u064a\u0626\u0629 \u0627\u0644\u0625\u0646\u062a\u0627\u062c.<\/p>\n \u062a\u064f\u062d\u0648\u0651\u0644 \u0645\u062d\u0631\u0643\u0627\u062a \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a \u0627\u0644\u0623\u0645\u0627\u0646 \u0645\u0646 \u0639\u0646\u0642 \u0632\u062c\u0627\u062c\u0629 \u0625\u0644\u0649 \u062d\u0627\u062c\u0632 \u062d\u0645\u0627\u064a\u0629. \u0628\u062f\u0644\u0627\u064b \u0645\u0646 \u0625\u0628\u0637\u0627\u0621 \u0627\u0644\u0645\u0637\u0648\u0631\u064a\u0646 \u0628\u0628\u0648\u0627\u0628\u0627\u062a \u0645\u0648\u0627\u0641\u0642\u0629 \u064a\u062f\u0648\u064a\u0629\u060c \u062a\u0648\u0641\u0631 \u0645\u0644\u0627\u062d\u0638\u0627\u062a \u0641\u0648\u0631\u064a\u0629 \u0648\u062d\u062a\u0645\u064a\u0629 \u0641\u064a \u0623\u0646\u0628\u0648\u0628 CI \u0646\u0641\u0633\u0647. \u0647\u0644 \u062f\u0641\u0639 \u0645\u0637\u0648\u0631 \u062e\u0637\u0629 Terraform \u062a\u0645\u0646\u062d \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0644\u0643\u0646 \u0645\u0634\u0647\u062f \u0645\u062d\u0631\u0643\u0627\u062a \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a \u0642\u062f \u0646\u0645\u0627 \u0628\u0633\u0631\u0639\u0629\u060c \u0648\u0627\u062e\u062a\u064a\u0627\u0631 \u0627\u0644\u0645\u062d\u0631\u0643 \u0627\u0644\u0645\u0646\u0627\u0633\u0628 \u2014 \u0623\u0648 \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0629 \u0627\u0644\u0645\u0646\u0627\u0633\u0628\u0629 \u2014 \u0644\u064a\u0633 \u0623\u0645\u0631\u0627\u064b \u0628\u0633\u064a\u0637\u0627\u064b. \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u062f\u0644\u064a\u0644\u060c \u0646\u0642\u0627\u0631\u0646 \u0623\u0631\u0628\u0639\u0629 \u0645\u062d\u0631\u0643\u0627\u062a \u0633\u064a\u0627\u0633\u0627\u062a \u0631\u0627\u0626\u062f\u0629: Open Policy Agent (OPA)<\/strong> \u0648Kyverno<\/strong> \u0648HashiCorp Sentinel<\/strong> \u0648AWS Cedar<\/strong>. \u0633\u0646\u0641\u062d\u0635 \u0643\u0644\u0627\u064b \u0645\u0646\u0647\u0627 \u0628\u0639\u0645\u0642\u060c \u0648\u0646\u0642\u0627\u0631\u0646\u0647\u0627 \u0639\u0628\u0631 \u0627\u0644\u0623\u0628\u0639\u0627\u062f \u0627\u0644\u0623\u0643\u062b\u0631 \u0623\u0647\u0645\u064a\u0629 \u0644\u0623\u0645\u0627\u0646 CI\/CD\u060c \u0648\u0646\u0648\u0641\u0631 \u0645\u0635\u0641\u0648\u0641\u0629 \u0642\u0631\u0627\u0631 \u0644\u0645\u0633\u0627\u0639\u062f\u062a\u0643 \u0641\u064a \u0627\u0644\u0627\u062e\u062a\u064a\u0627\u0631.<\/p>\n Open Policy Agent (OPA)<\/a> \u0647\u0648 \u0645\u062d\u0631\u0643 \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a \u0627\u0644\u0639\u0627\u0645 \u0627\u0644\u0623\u0643\u062b\u0631 \u0631\u0633\u0648\u062e\u0627\u064b \u0641\u064a \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0628\u064a\u0626\u064a \u0627\u0644\u0633\u062d\u0627\u0628\u064a \u0627\u0644\u0623\u0635\u0644\u064a. \u0623\u0646\u0634\u0623\u062a\u0647 \u0634\u0631\u0643\u0629 Styra \u0641\u064a \u0627\u0644\u0623\u0635\u0644 \u0648\u062a\u0628\u0631\u0639\u062a \u0628\u0647 \u0644\u0645\u0624\u0633\u0633\u0629 Cloud Native Computing Foundation (CNCF)\u060c \u0648\u062a\u062e\u0631\u0651\u062c OPA \u0643\u0645\u0634\u0631\u0648\u0639 CNCF \u0641\u064a \u0639\u0627\u0645 2021. \u0635\u064f\u0645\u0651\u0645 \u0644\u0641\u0635\u0644 \u0642\u0631\u0627\u0631\u0627\u062a \u0627\u0644\u0633\u064a\u0627\u0633\u0629 \u0639\u0646 \u0645\u0646\u0637\u0642 \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0645\u0646 \u062e\u0644\u0627\u0644 \u062a\u0648\u0641\u064a\u0631 \u0645\u062d\u0631\u0643 \u062e\u0641\u064a\u0641 \u0627\u0644\u0648\u0632\u0646 \u0648\u0639\u0627\u0644\u064a \u0627\u0644\u0623\u062f\u0627\u0621 \u064a\u0645\u0643\u0646 \u062a\u0636\u0645\u064a\u0646\u0647 \u0643\u062d\u0627\u0648\u064a\u0629 \u062c\u0627\u0646\u0628\u064a\u0629 \u0623\u0648 \u0645\u0643\u062a\u0628\u0629 \u0623\u0648 \u062e\u062f\u0645\u0629 \u0645\u0633\u062a\u0642\u0644\u0629.<\/p>\n \u064a\u0633\u062a\u062e\u062f\u0645 OPA \u0644\u063a\u0629 Rego<\/strong>\u060c \u0648\u0647\u064a \u0644\u063a\u0629 \u0627\u0633\u062a\u0639\u0644\u0627\u0645 \u062a\u0635\u0631\u064a\u062d\u064a\u0629 \u0645\u062e\u0635\u0635\u0629 \u0645\u0633\u062a\u0648\u062d\u0627\u0629 \u0645\u0646 Datalog. \u062a\u0639\u0645\u0644 \u0633\u064a\u0627\u0633\u0627\u062a Rego \u0639\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a \u0645\u064f\u0647\u064a\u0643\u0644\u0629 (JSON\/YAML)\u060c \u0645\u0645\u0627 \u064a\u062c\u0639\u0644\u0647\u0627 \u0642\u0627\u0628\u0644\u0629 \u0644\u0644\u062a\u0637\u0628\u064a\u0642 \u0639\u0644\u0649 \u0623\u064a \u0645\u062c\u0627\u0644 \u062a\u0642\u0631\u064a\u0628\u0627\u064b: \u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u0642\u0628\u0648\u0644 Kubernetes\u060c \u0648\u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u062e\u0637\u0637 Terraform\u060c \u0648\u062a\u0641\u0648\u064a\u0636 API\u060c \u0648\u0625\u0646\u0641\u0627\u0630 \u0623\u0646\u0627\u0628\u064a\u0628 CI\/CD\u060c \u0648\u0627\u0644\u0645\u0632\u064a\u062f.<\/p>\n \u0644\u063a\u0629 Rego \u0642\u0648\u064a\u0629 \u0644\u0643\u0646 \u0644\u0647\u0627 \u0645\u0646\u062d\u0646\u0649 \u062a\u0639\u0644\u0651\u0645 \u062d\u0642\u064a\u0642\u064a. \u0625\u0646\u0647\u0627 \u0644\u063a\u0629 \u0628\u0631\u0645\u062c\u0629 \u0645\u0646\u0637\u0642\u064a\u0629 \u062d\u064a\u062b \u062a\u064f\u0639\u0631\u0651\u0641 \u0627\u0644\u0642\u0648\u0627\u0639\u062f \u0643\u0639\u0628\u0627\u0631\u0627\u062a \u0645\u0646\u0637\u0642\u064a\u0629 \u0628\u062f\u0644\u0627\u064b \u0645\u0646 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0625\u062c\u0631\u0627\u0626\u064a\u0629. \u0641\u064a\u0645\u0627 \u064a\u0644\u064a \u0645\u062b\u0627\u0644 \u0628\u0633\u064a\u0637 \u064a\u0631\u0641\u0636 \u0627\u0644\u062d\u0627\u0648\u064a\u0627\u062a \u0627\u0644\u062a\u064a \u062a\u0639\u0645\u0644 \u0628\u0635\u0644\u0627\u062d\u064a\u0627\u062a root:<\/p>\n \u0627\u0644\u0623\u0633\u0644\u0648\u0628 \u0627\u0644\u062a\u0635\u0631\u064a\u062d\u064a \u0623\u0646\u064a\u0642 \u0628\u0645\u062c\u0631\u062f \u0627\u0633\u062a\u064a\u0639\u0627\u0628\u0647\u060c \u0644\u0643\u0646 \u0627\u0644\u0645\u0637\u0648\u0631\u064a\u0646 \u0627\u0644\u0645\u0639\u062a\u0627\u062f\u064a\u0646 \u0639\u0644\u0649 \u0627\u0644\u0644\u063a\u0627\u062a \u0627\u0644\u0625\u062c\u0631\u0627\u0626\u064a\u0629 \u063a\u0627\u0644\u0628\u0627\u064b \u0645\u0627 \u064a\u0648\u0627\u062c\u0647\u0648\u0646 \u0635\u0639\u0648\u0628\u0629 \u0645\u0639 \u0646\u0645\u0648\u0630\u062c \u062a\u0642\u064a\u064a\u0645 Rego \u2014 \u062e\u0627\u0635\u0629 \u0641\u064a\u0645\u0627 \u064a\u062a\u0639\u0644\u0642 \u0628\u0627\u0644\u062a\u0642\u064a\u064a\u0645 \u0627\u0644\u062c\u0632\u0626\u064a \u0648\u0627\u0633\u062a\u064a\u0639\u0627\u0628 \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0627\u062a \u0648\u0627\u0644\u062a\u0643\u0631\u0627\u0631 \u0627\u0644\u0636\u0645\u0646\u064a \u0639\u0628\u0631 \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0627\u062a \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0635\u064a\u063a\u0629 Conftest<\/a> \u0647\u0648 \u062d\u0644 OPA \u0644\u062a\u0643\u0627\u0645\u0644 CI\/CD. \u0625\u0646\u0647 \u0623\u062f\u0627\u0629 \u0633\u0637\u0631 \u0623\u0648\u0627\u0645\u0631 \u062a\u064f\u0634\u063a\u0651\u0644 \u0633\u064a\u0627\u0633\u0627\u062a OPA \u0639\u0644\u0649 \u0645\u0644\u0641\u0627\u062a \u0627\u0644\u062a\u0647\u064a\u0626\u0629 \u0627\u0644\u0645\u064f\u0647\u064a\u0643\u0644\u0629 \u2014 Kubernetes YAML \u0648\u062e\u0637\u0637 Terraform \u0648Dockerfiles \u0648\u0627\u0644\u0645\u0632\u064a\u062f. \u062a\u0628\u062f\u0648 \u062e\u0637\u0648\u0629 CI \u0627\u0644\u0646\u0645\u0648\u0630\u062c\u064a\u0629 \u0643\u0627\u0644\u062a\u0627\u0644\u064a:<\/p>\n \u064a\u062f\u0639\u0645 Conftest \u0635\u064a\u063a \u0625\u062f\u062e\u0627\u0644 \u0645\u062a\u0639\u062f\u062f\u0629 \u062c\u0627\u0647\u0632\u0629 \u0644\u0644\u0627\u0633\u062a\u062e\u062f\u0627\u0645\u060c \u0648\u064a\u0645\u0643\u0646\u0647 \u0633\u062d\u0628 \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a \u0645\u0646 \u0633\u062c\u0644\u0627\u062a OCI (\u0645\u0645\u0627 \u064a\u062a\u064a\u062d \u0627\u0644\u062a\u0648\u0632\u064a\u0639 \u0627\u0644\u0645\u0631\u0643\u0632\u064a \u0644\u0644\u0633\u064a\u0627\u0633\u0627\u062a)\u060c \u0648\u064a\u062a\u0643\u0627\u0645\u0644 \u0628\u0633\u0644\u0627\u0633\u0629 \u0645\u0639 \u0623\u064a \u0646\u0638\u0627\u0645 CI \u064a\u0645\u0643\u0646\u0647 \u062a\u0634\u063a\u064a\u0644 \u0623\u0645\u0631 shell. \u0644\u0644\u0627\u0637\u0644\u0627\u0639 \u0639\u0644\u0649 \u0634\u0631\u062d \u0639\u0645\u0644\u064a \u062a\u0641\u0635\u064a\u0644\u064a\u060c \u0631\u0627\u062c\u0639 \u0645\u0642\u0627\u0644\u0646\u0627 \u0645\u062e\u062a\u0628\u0631: \u0625\u0646\u0641\u0627\u0630 \u0633\u064a\u0627\u0633\u0627\u062a \u0646\u0634\u0631 Kubernetes \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 OPA Conftest \u0641\u064a CI\/CD<\/a>.<\/p>\n \u0644\u0644\u0627\u0637\u0644\u0627\u0639 \u0639\u0644\u0649 \u062f\u0644\u064a\u0644 \u0634\u0627\u0645\u0644 \u062d\u0648\u0644 OPA \u0648Rego \u0641\u064a CI\/CD\u060c \u0631\u0627\u062c\u0639 \u0645\u0642\u0627\u0644\u0646\u0627: \u0627\u0644\u0633\u064a\u0627\u0633\u0629 \u0643\u0643\u0648\u062f \u0641\u064a CI\/CD: \u0625\u0646\u0641\u0627\u0630 \u0628\u0648\u0627\u0628\u0627\u062a \u0627\u0644\u0623\u0645\u0627\u0646 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 OPA \u0648Rego<\/a>.<\/p>\n Kyverno<\/a> \u0647\u0648 \u0645\u062d\u0631\u0643 \u0633\u064a\u0627\u0633\u0627\u062a \u0623\u0635\u0644\u064a \u0644\u0640 Kubernetes \u0635\u064f\u0645\u0651\u0645 \u062e\u0635\u064a\u0635\u0627\u064b \u0644\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0628\u064a\u0626\u064a \u0644\u0640 Kubernetes. \u0623\u0635\u0628\u062d \u0645\u0634\u0631\u0648\u0639\u0627\u064b \u0641\u064a \u0645\u0631\u062d\u0644\u0629 \u0627\u0644\u0627\u062d\u062a\u0636\u0627\u0646 \u0644\u062f\u0649 CNCF \u0648\u0634\u0647\u062f \u0627\u0639\u062a\u0645\u0627\u062f\u0627\u064b \u0633\u0631\u064a\u0639\u0627\u064b \u0628\u064a\u0646 \u0627\u0644\u0641\u0631\u0642 \u0627\u0644\u062a\u064a \u062a\u0631\u064a\u062f \u0625\u0646\u0641\u0627\u0630 \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a \u062f\u0648\u0646 \u062a\u0639\u0644\u0651\u0645 \u0644\u063a\u0629 \u0628\u0631\u0645\u062c\u0629 \u062c\u062f\u064a\u062f\u0629. \u0641\u0644\u0633\u0641\u0629 Kyverno \u0627\u0644\u0623\u0633\u0627\u0633\u064a\u0629 \u0647\u064a \u0623\u0646 \u0645\u0633\u0624\u0648\u0644\u064a Kubernetes \u064a\u062c\u0628 \u0623\u0646 \u064a\u0643\u0648\u0646\u0648\u0627 \u0642\u0627\u062f\u0631\u064a\u0646 \u0639\u0644\u0649 \u0643\u062a\u0627\u0628\u0629 \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0646\u0641\u0633 YAML \u0627\u0644\u0630\u064a \u064a\u0639\u0631\u0641\u0648\u0646\u0647 \u0628\u0627\u0644\u0641\u0639\u0644.<\/p>\n \u062a\u064f\u0639\u0631\u0651\u0641 \u0633\u064a\u0627\u0633\u0627\u062a Kyverno \u0643\u0645\u0648\u0627\u0631\u062f \u0645\u062e\u0635\u0635\u0629 \u0641\u064a Kubernetes. \u0644\u0627 \u062a\u0648\u062c\u062f \u0644\u063a\u0629 \u062c\u062f\u064a\u062f\u0629 \u0644\u0644\u062a\u0639\u0644\u0651\u0645 \u2014 \u062a\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a \u0635\u064a\u063a\u0629 YAML \u0627\u0644\u0645\u0623\u0644\u0648\u0641\u0629 \u0645\u0639 \u0645\u0637\u0627\u0628\u0642\u0629 \u0627\u0644\u0623\u0646\u0645\u0627\u0637 \u0648\u0627\u0644\u062a\u0631\u0627\u0643\u0628\u0627\u062a \u0648\u062a\u0639\u0628\u064a\u0631\u0627\u062a JMESPath \u0644\u0644\u0634\u0631\u0648\u0637. \u0641\u064a\u0645\u0627 \u064a\u0644\u064a \u0633\u064a\u0627\u0633\u0629 \u0645\u0643\u0627\u0641\u0626\u0629 \u062a\u062a\u0637\u0644\u0628 \u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u062d\u0627\u0648\u064a\u0627\u062a \u0628\u062f\u0648\u0646 \u0635\u0644\u0627\u062d\u064a\u0627\u062a root:<\/p>\n \u064a\u064f\u062e\u0641\u0651\u0636 \u0647\u0630\u0627 \u0627\u0644\u0646\u0647\u062c \u0627\u0644\u0642\u0627\u0626\u0645 \u0639\u0644\u0649 YAML \u0623\u0648\u0644\u0627\u064b \u062d\u0627\u062c\u0632 \u0627\u0644\u062f\u062e\u0648\u0644 \u0628\u0634\u0643\u0644 \u0643\u0628\u064a\u0631. \u064a\u0645\u0643\u0646 \u0644\u0623\u064a \u0645\u0634\u063a\u0651\u0644 Kubernetes \u0642\u0631\u0627\u0621\u0629 \u0648\u0643\u062a\u0627\u0628\u0629 \u0633\u064a\u0627\u0633\u0627\u062a Kyverno \u062f\u0648\u0646 \u062a\u062f\u0631\u064a\u0628 \u0645\u062a\u062e\u0635\u0635.<\/p>\n \u062a\u0648\u0633\u0651\u0639 Kyverno \u0625\u0644\u0649 \u0645\u0627 \u0647\u0648 \u0623\u0628\u0639\u062f \u0645\u0646 \u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u0627\u0644\u0642\u0628\u0648\u0644 \u0627\u0644\u0628\u062d\u062a \u0645\u0639 Kyverno CLI<\/strong>\u060c \u0627\u0644\u0630\u064a \u064a\u0645\u0643\u0646\u0647 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0627\u0644\u0645\u0648\u0627\u0631\u062f \u0645\u0642\u0627\u0628\u0644 \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a \u062f\u0648\u0646 \u0627\u062a\u0635\u0627\u0644 \u2014 \u0645\u0645\u0627 \u064a\u062c\u0639\u0644\u0647 \u0642\u0627\u0628\u0644\u0627\u064b \u0644\u0644\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0641\u064a \u0623\u0646\u0627\u0628\u064a\u0628 CI\/CD:<\/p>\n \u064a\u062f\u0639\u0645 CLI \u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a \u0648\u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0627\u0644\u0645\u0648\u0627\u0631\u062f \u0648\u064a\u0645\u0643\u0646\u0647 \u0625\u0646\u0634\u0627\u0621 \u062a\u0642\u0627\u0631\u064a\u0631 JUnit XML \u0644\u062a\u0643\u0627\u0645\u0644 CI. \u0648\u0645\u0639 \u0630\u0644\u0643\u060c \u0641\u0625\u0646 \u0642\u0635\u0629 CI\/CD \u0644\u0640 Kyverno \u0623\u0636\u064a\u0642 \u0645\u0646 OPA: \u0641\u0647\u0648 \u064a\u0639\u0645\u0644 \u0628\u0634\u0643\u0644 \u0623\u0641\u0636\u0644 \u0645\u0639 \u0645\u0644\u0641\u0627\u062a Kubernetes manifests \u0648\u0644\u0627 \u064a\u062a\u0639\u0627\u0645\u0644 \u0623\u0635\u0644\u0627\u064b \u0645\u0639 \u062e\u0637\u0637 Terraform \u0623\u0648 Dockerfiles \u0623\u0648 \u0627\u0644\u062a\u0646\u0633\u064a\u0642\u0627\u062a \u0627\u0644\u0623\u062e\u0631\u0649 \u063a\u064a\u0631 \u0627\u0644\u0645\u062a\u0639\u0644\u0642\u0629 \u0628\u0640 Kubernetes.<\/p>\n HashiCorp Sentinel<\/a> \u0647\u0648 \u0625\u0637\u0627\u0631 \u0639\u0645\u0644 \u0644\u0644\u0633\u064a\u0627\u0633\u0629 \u0643\u0643\u0648\u062f \u0645\u0636\u0645\u0651\u0646 \u0641\u064a \u0645\u0646\u062a\u062c\u0627\u062a HashiCorp \u0627\u0644\u062a\u062c\u0627\u0631\u064a\u0629: Terraform Cloud\/Enterprise \u0648Vault Enterprise \u0648Consul Enterprise \u0648Nomad Enterprise. \u0635\u064f\u0645\u0651\u0645 \u062e\u0635\u064a\u0635\u0627\u064b \u0644\u062a\u0648\u0641\u064a\u0631 \u062d\u0648\u0627\u062c\u0632 \u062d\u0648\u0643\u0645\u0629 \u0644\u0633\u064a\u0631 \u0639\u0645\u0644 \u062a\u0648\u0641\u064a\u0631 \u0627\u0644\u0628\u0646\u064a\u0629 \u0627\u0644\u062a\u062d\u062a\u064a\u0629.<\/p>\n \u064a\u0633\u062a\u062e\u062f\u0645 Sentinel \u0644\u063a\u062a\u0647 \u0627\u0644\u062e\u0627\u0635\u0629 \u0627\u0644\u0645\u062a\u062e\u0635\u0635\u0629 \u0627\u0644\u062a\u064a \u0647\u064a \u0623\u0643\u062b\u0631 \u0625\u062c\u0631\u0627\u0626\u064a\u0629 \u0645\u0646 Rego \u0648\u0623\u0643\u062b\u0631 \u0633\u0647\u0648\u0644\u0629 \u0644\u0644\u0645\u0637\u0648\u0631\u064a\u0646 \u0627\u0644\u0645\u0623\u0644\u0648\u0641\u064a\u0646 \u0628\u0640 Python \u0623\u0648 Go. \u0641\u064a\u0645\u0627 \u064a\u0644\u064a \u0645\u062b\u0627\u0644 \u064a\u064f\u0642\u064a\u0651\u062f \u0623\u0646\u0648\u0627\u0639 \u0645\u062b\u064a\u0644\u0627\u062a EC2 \u0641\u064a Terraform:<\/p>\n \u062a\u062f\u0639\u0645 \u0627\u0644\u0644\u063a\u0629 \u0627\u0644\u0627\u0633\u062a\u064a\u0631\u0627\u062f\u0627\u062a \u0648\u0627\u0644\u062f\u0648\u0627\u0644 \u0648\u0645\u0633\u062a\u0648\u064a\u0627\u062a \u0627\u0644\u0625\u0646\u0641\u0627\u0630 (\u0627\u0633\u062a\u0634\u0627\u0631\u064a\u060c \u0625\u0644\u0632\u0627\u0645\u064a-\u0645\u0631\u0646\u060c \u0625\u0644\u0632\u0627\u0645\u064a-\u0635\u0627\u0631\u0645)\u060c \u0648\u0644\u0647\u0627 \u0637\u0627\u0628\u0639 \u0625\u062c\u0631\u0627\u0626\u064a \u0645\u0623\u0644\u0648\u0641. \u062a\u064f\u0642\u0631\u0623 \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a \u0628\u0634\u0643\u0644 \u0623\u0643\u062b\u0631 \u0637\u0628\u064a\u0639\u064a\u0629 \u0645\u0646 Rego \u0644\u0645\u0639\u0638\u0645 \u0627\u0644\u0645\u0637\u0648\u0631\u064a\u0646.<\/p>\n Sentinel \u0645\u062a\u0643\u0627\u0645\u0644 \u0628\u0639\u0645\u0642 \u0641\u064a \u0633\u064a\u0631 \u0639\u0645\u0644 Terraform Cloud \u0648Enterprise. \u062a\u064f\u0642\u064a\u064e\u0651\u0645 \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a \u062a\u0644\u0642\u0627\u0626\u064a\u0627\u064b \u0623\u062b\u0646\u0627\u0621 \u0628\u0627\u0644\u0646\u0633\u0628\u0629 \u0644\u0623\u0646\u0627\u0628\u064a\u0628 CI\/CD \u062e\u0627\u0631\u062c \u0646\u0638\u0627\u0645 HashiCorp \u0627\u0644\u0628\u064a\u0626\u064a\u060c \u064a\u0633\u0645\u062d Sentinel CLI<\/strong> (\u0645\u062d\u0627\u0643\u064a Cedar<\/a> \u0647\u064a \u0644\u063a\u0629 \u0633\u064a\u0627\u0633\u0627\u062a \u0648\u0645\u062d\u0631\u0643 \u062a\u0642\u064a\u064a\u0645 \u0637\u0648\u0651\u0631\u062a\u0647 AWS \u0648\u0623\u0635\u0628\u062d\u062a \u0645\u0641\u062a\u0648\u062d\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0641\u064a \u0639\u0627\u0645 2023. \u0628\u064f\u0646\u064a\u062a \u0623\u0635\u0644\u0627\u064b \u0644\u062a\u0634\u063a\u064a\u0644 Amazon Verified Permissions \u0648AWS IAM Identity Center\u060c \u0648\u0635\u064f\u0645\u0651\u0645\u062a Cedar \u0645\u0646 \u0627\u0644\u0623\u0644\u0641 \u0625\u0644\u0649 \u0627\u0644\u064a\u0627\u0621 \u0644\u0623\u063a\u0631\u0627\u0636 \u0627\u0644\u062a\u0641\u0648\u064a\u0636<\/strong> \u2014 \u062a\u062d\u062f\u064a\u062f \u0645\u0627 \u0625\u0630\u0627 \u0643\u0627\u0646 \u0628\u0625\u0645\u0643\u0627\u0646 \u0643\u064a\u0627\u0646 \u062a\u0646\u0641\u064a\u0630 \u0625\u062c\u0631\u0627\u0621 \u0639\u0644\u0649 \u0645\u0648\u0631\u062f.<\/p>\n Cedar \u0647\u064a \u0627\u0644\u0623\u062d\u062f\u062b \u0641\u064a \u0647\u0630\u0647 \u0627\u0644\u0645\u0642\u0627\u0631\u0646\u0629\u060c \u0648\u062a\u0631\u0643\u064a\u0632\u0647\u0627 \u0623\u0636\u064a\u0642 \u0646\u0637\u0627\u0642\u0627\u064b \u0645\u0646 OPA \u0623\u0648 Kyverno. \u0628\u064a\u0646\u0645\u0627 \u062a\u062a\u0641\u0648\u0642 \u0641\u064a \u0642\u0631\u0627\u0631\u0627\u062a \u0627\u0644\u062a\u0641\u0648\u064a\u0636 \u0627\u0644\u062f\u0642\u064a\u0642\u0629\u060c \u0641\u0625\u0646 \u062a\u0637\u0628\u064a\u0642\u0647\u0627 \u0639\u0644\u0649 \u0625\u0646\u0641\u0627\u0630 \u0633\u064a\u0627\u0633\u0627\u062a CI\/CD \u0644\u0627 \u064a\u0632\u0627\u0644 \u0641\u064a \u0645\u0631\u0627\u062d\u0644\u0647 \u0627\u0644\u0623\u0648\u0644\u0649.<\/p>\n \u062a\u064f\u0639\u0637\u064a \u0644\u063a\u0629 Cedar \u0627\u0644\u0623\u0648\u0644\u0648\u064a\u0629 \u0644\u0644\u0645\u0642\u0631\u0648\u0626\u064a\u0629 \u0648\u0642\u0627\u0628\u0644\u064a\u0629 \u0627\u0644\u062a\u062d\u0644\u064a\u0644. \u062a\u064f\u0639\u0628\u064e\u0651\u0631 \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a \u0643\u0639\u0628\u0627\u0631\u0627\u062a \u0633\u0645\u0627\u062d\/\u0631\u0641\u0636 \u062a\u064f\u0642\u0631\u0623 \u062a\u0642\u0631\u064a\u0628\u0627\u064b \u0643\u0627\u0644\u0644\u063a\u0629 \u0627\u0644\u0625\u0646\u062c\u0644\u064a\u0632\u064a\u0629:<\/p>\n \u0646\u0638\u0627\u0645 \u0627\u0644\u0623\u0646\u0648\u0627\u0639 \u0648\u0642\u062f\u0631\u0627\u062a \u0627\u0644\u062a\u062d\u0642\u0642 \u0627\u0644\u0631\u0633\u0645\u064a \u0641\u064a Cedar \u0641\u0631\u064a\u062f\u0629 \u0628\u064a\u0646 \u0627\u0644\u0645\u062d\u0631\u0643\u0627\u062a \u0641\u064a \u0647\u0630\u0647 \u0627\u0644\u0645\u0642\u0627\u0631\u0646\u0629. \u0646\u0634\u0631\u062a AWS \u0628\u0631\u0627\u0647\u064a\u0646 \u0631\u0633\u0645\u064a\u0629<\/a> \u0644\u062e\u0635\u0627\u0626\u0635 \u0631\u0626\u064a\u0633\u064a\u0629 \u0641\u064a \u0644\u063a\u0629 Cedar\u060c \u062a\u0636\u0645\u0646 \u0623\u0646 \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a \u062a\u062a\u0635\u0631\u0641 \u0628\u0634\u0643\u0644 \u0645\u062a\u0648\u0642\u0639 \u0648\u064a\u0645\u0643\u0646 \u062a\u062d\u0644\u064a\u0644\u0647\u0627 \u0644\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062a\u0639\u0627\u0631\u0636\u0627\u062a \u0648\u0627\u0644\u062a\u0643\u0631\u0627\u0631 \u0648\u0627\u0644\u0627\u0643\u062a\u0645\u0627\u0644.<\/p>\n \u0642\u0635\u0629 \u062a\u0643\u0627\u0645\u0644 Cedar \u0645\u0639 CI\/CD \u0647\u064a \u0627\u0644\u0623\u0642\u0644 \u0646\u0636\u062c\u0627\u064b \u0628\u064a\u0646 \u0627\u0644\u0645\u062d\u0631\u0643\u0627\u062a \u0627\u0644\u0623\u0631\u0628\u0639\u0629. \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0644\u0646\u0645\u0630\u062c\u0629 \u0642\u0631\u0627\u0631\u0627\u062a \u062a\u0641\u0648\u064a\u0636 CI\/CD \u2014 \u0639\u0644\u0649 \u0633\u0628\u064a\u0644 \u0627\u0644\u0645\u062b\u0627\u0644\u060c \u0645\u0646 \u064a\u0645\u0643\u0646\u0647 \u0627\u0644\u0646\u0634\u0631 \u0641\u064a \u0623\u064a \u0628\u064a\u0626\u0629\u060c \u0648\u0623\u064a \u0623\u0646\u0627\u0628\u064a\u0628 \u064a\u0645\u0643\u0646\u0647\u0627 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0623\u064a \u0623\u0633\u0631\u0627\u0631\u060c \u0648\u0623\u064a \u0641\u0631\u0648\u0639 \u064a\u0645\u0643\u0646\u0647\u0627 \u062a\u0634\u063a\u064a\u0644 \u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u0625\u0646\u062a\u0627\u062c \u2014 \u0644\u0643\u0646\u0647\u0627 \u062a\u062a\u0637\u0644\u0628 \u0639\u0645\u0644 \u062a\u0643\u0627\u0645\u0644 \u0645\u062e\u0635\u0635. \u0644\u0627 \u064a\u0648\u062c\u062f \u0645\u0627 \u064a\u0639\u0627\u062f\u0644 Conftest \u0623\u0648 Kyverno CLI \u0644\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0645\u0644\u0641\u0627\u062a Kubernetes manifests \u0623\u0648 \u062e\u0637\u0637 Terraform \u0645\u0642\u0627\u0628\u0644 \u0633\u064a\u0627\u0633\u0627\u062a Cedar \u062c\u0627\u0647\u0632\u0629 \u0644\u0644\u0627\u0633\u062a\u062e\u062f\u0627\u0645.<\/p>\n \u0648\u0645\u0639 \u0630\u0644\u0643\u060c \u0641\u0625\u0646 SDK \u0627\u0644\u062e\u0627\u0635 \u0628\u0640 Cedar \u0645\u062a\u0627\u062d \u0628\u0644\u063a\u0627\u062a Rust \u0648Java \u0648Go\u060c \u0648\u064a\u0645\u0643\u0646 \u062a\u0636\u0645\u064a\u0646 \u0645\u062d\u0631\u0643 \u0627\u0644\u062a\u0642\u064a\u064a\u0645 \u0641\u064a \u0623\u062f\u0648\u0627\u062a CI\/CD \u0627\u0644\u0645\u062e\u0635\u0635\u0629. \u0642\u062f \u062a\u062c\u062f \u0627\u0644\u0641\u0631\u0642 \u0627\u0644\u062a\u064a \u062a\u0628\u0646\u064a \u0645\u0646\u0635\u0627\u062a \u0646\u0634\u0631 \u0645\u062e\u0635\u0635\u0629 \u0639\u0644\u0649 AWS \u0623\u0646 Cedar \u062e\u064a\u0627\u0631 \u0637\u0628\u064a\u0639\u064a \u0644\u0645\u0646\u0637\u0642 \u0627\u0644\u062a\u0641\u0648\u064a\u0636.<\/p>\ns3:*<\/code>\u061f \u064a\u0641\u0634\u0644 \u0627\u0644\u0623\u0646\u0628\u0648\u0628 \u0645\u0639 \u0631\u0633\u0627\u0644\u0629 \u0648\u0627\u0636\u062d\u0629 \u062a\u0634\u0631\u062d \u0627\u0644\u0633\u0628\u0628. \u0647\u0644 \u064a\u064f\u0634\u063a\u0651\u0644 \u0645\u0644\u0641 Kubernetes manifest \u062d\u0627\u0648\u064a\u0629 \u0628\u0635\u0644\u0627\u062d\u064a\u0627\u062a root\u061f \u064a\u064f\u062d\u0638\u0631 \u0642\u0628\u0644 \u0623\u0646 \u064a\u0635\u0644 \u0625\u0644\u0649 \u0627\u0644\u0639\u0646\u0642\u0648\u062f.<\/p>\nOpen Policy Agent (OPA) \u0648\u0644\u063a\u0629 Rego<\/h2>\n
\u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629<\/h3>\n
\u0644\u063a\u0629 \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a: Rego<\/h3>\n
package kubernetes.admission\n\ndeny[msg] {\n input.request.kind.kind == \"Pod\"\n container := input.request.object.spec.containers[_]\n container.securityContext.runAsUser == 0\n msg := sprintf(\"Container '%v' must not run as root\", [container.name])\n}<\/code><\/pre>\n[_]<\/code>.<\/p>\n\u062a\u0643\u0627\u0645\u0644 CI\/CD \u0645\u0639 Conftest<\/h3>\n
conftest test deployment.yaml --policy .\/policies\/ --output json<\/code><\/pre>\n\u0646\u0642\u0627\u0637 \u0627\u0644\u0642\u0648\u0629<\/h3>\n
\n
opa test<\/code>\u060c \u0628\u0645\u0627 \u0641\u064a \u0630\u0644\u0643 \u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u062a\u063a\u0637\u064a\u0629.<\/li>\n\u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u0641<\/h3>\n
\n
Kyverno<\/h2>\n
\u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629<\/h3>\n
\u0644\u063a\u0629 \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a: YAML (\u0623\u0635\u0644\u064a\u0629 \u0644\u0640 Kubernetes)<\/h3>\n
apiVersion: kyverno.io\/v1\nkind: ClusterPolicy\nmetadata:\n name: require-run-as-nonroot\nspec:\n validationFailureAction: Enforce\n rules:\n - name: check-containers\n match:\n any:\n - resources:\n kinds:\n - Pod\n validate:\n message: \"Containers must not run as root\"\n pattern:\n spec:\n containers:\n - securityContext:\n runAsNonRoot: true<\/code><\/pre>\n\u062a\u0643\u0627\u0645\u0644 CI\/CD<\/h3>\n
kyverno apply .\/policies\/ --resource deployment.yaml<\/code><\/pre>\n\u0646\u0642\u0627\u0637 \u0627\u0644\u0642\u0648\u0629<\/h3>\n
\n
\u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u0641<\/h3>\n
\n
HashiCorp Sentinel<\/h2>\n
\u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629<\/h3>\n
\u0644\u063a\u0629 \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a: \u0644\u063a\u0629 Sentinel<\/h3>\n
import \"tfplan\/v2\" as tfplan\n\nallowed_instance_types = [\"t3.micro\", \"t3.small\", \"t3.medium\"]\n\nmain = rule {\n all tfplan.resource_changes as _, rc {\n rc.type is \"aws_instance\" implies\n rc.change.after.instance_type in allowed_instance_types\n }\n}<\/code><\/pre>\n\u062a\u0643\u0627\u0645\u0644 CI\/CD<\/h3>\n
terraform plan<\/code> \u0641\u064a Terraform Cloud\u060c \u0648\u062a\u062d\u062f\u062f \u0645\u0633\u062a\u0648\u064a\u0627\u062a \u0627\u0644\u0625\u0646\u0641\u0627\u0630 \u0645\u0627 \u0625\u0630\u0627 \u0643\u0627\u0646\u062a \u0627\u0644\u0645\u062e\u0627\u0644\u0641\u0627\u062a \u062a\u064f\u0646\u062a\u062c \u062a\u062d\u0630\u064a\u0631\u0627\u062a \u0623\u0648 \u062a\u0645\u0646\u0639 \u0627\u0644\u062a\u0637\u0628\u064a\u0642. \u0647\u0630\u0627 \u0627\u0644\u062a\u0643\u0627\u0645\u0644 \u0627\u0644\u0648\u062b\u064a\u0642 \u0647\u0648 \u0623\u0643\u0628\u0631 \u0646\u0642\u0637\u0629 \u0642\u0648\u0629 \u0644\u0640 Sentinel \u0648\u0642\u064a\u062f\u0647 \u0627\u0644\u0623\u0633\u0627\u0633\u064a \u0641\u064a \u0622\u0646 \u0648\u0627\u062d\u062f.<\/p>\nsentinel<\/code>) \u0628\u0627\u0644\u0627\u062e\u062a\u0628\u0627\u0631 \u0648\u0627\u0644\u062a\u0642\u064a\u064a\u0645 \u0627\u0644\u0645\u062d\u0644\u064a\u060c \u0644\u0643\u0646\u0647 \u064a\u0639\u0645\u0644 \u0639\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a \u0648\u0647\u0645\u064a\u0629 \u0628\u062f\u0644\u0627\u064b \u0645\u0646 \u062d\u0627\u0644\u0629 \u0627\u0644\u0628\u0646\u064a\u0629 \u0627\u0644\u062a\u062d\u062a\u064a\u0629 \u0627\u0644\u062d\u064a\u0629. \u064a\u0645\u0643\u0646\u0643 \u0627\u062e\u062a\u0628\u0627\u0631 \u0633\u064a\u0627\u0633\u0627\u062a Sentinel \u0641\u064a \u0623\u0646\u0628\u0648\u0628 CI\u060c \u0644\u0643\u0646 \u0646\u0642\u0637\u0629 \u0627\u0644\u0625\u0646\u0641\u0627\u0630 \u0627\u0644\u0623\u0633\u0627\u0633\u064a\u0629 \u062a\u0643\u0648\u0646 \u062f\u0627\u062e\u0644 \u0645\u0646\u062a\u062c\u0627\u062a HashiCorp \u0646\u0641\u0633\u0647\u0627.<\/p>\n\u0646\u0642\u0627\u0637 \u0627\u0644\u0642\u0648\u0629<\/h3>\n
\n
\u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u0641<\/h3>\n
\n
AWS Cedar<\/h2>\n
\u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629<\/h3>\n
\u0644\u063a\u0629 \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a: Cedar<\/h3>\n
\/\/ Only allow production deployments from the main branch\nforbid (\n principal,\n action == Action::\"deploy\",\n resource == Environment::\"production\"\n) unless {\n context.source_branch == \"main\" &&\n context.tests_passed == true &&\n context.approvals >= 2\n};<\/code><\/pre>\n\u062a\u0643\u0627\u0645\u0644 CI\/CD<\/h3>\n
\u0646\u0642\u0627\u0637 \u0627\u0644\u0642\u0648\u0629<\/h3>\n
\n
\u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u0641<\/h3>\n
\n
\u062c\u062f\u0648\u0644 \u0627\u0644\u0645\u0642\u0627\u0631\u0646\u0629<\/h2>\n