Skip to content

Commit

Permalink
chore: update artifacthub-pkg.yaml
Browse files Browse the repository at this point in the history 
Signed-off-by: Mariam Fahmy <[email protected]>
  • Loading branch information
@MariamFahmy98
MariamFahmy98 committed Dec 4, 2023
1 parent e16787c commit b83bfbb
Show file tree
Hide file tree
Showing 24 changed files with 24 additions and 18 deletions.
1 change: 1 addition & 0 deletions pod-security-cel/restricted/disallow-capabilities-strict/artifacthub-pkg.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,3 +20,4 @@ annotations:
kyverno/kubernetesVersion: "1.26-1.27"
kyverno/subject: "Pod"
digest: 60ad5b4ff51fd28a3411cb5bf421eefd20c8e429b20b7230a7f3540798992a98
createdAt: "2023-12-04T09:04:49Z"
1 change: 1 addition & 0 deletions pod-security-cel/restricted/disallow-privilege-escalation/artifacthub-pkg.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,3 +20,4 @@ annotations:
kyverno/kubernetesVersion: "1.26-1.27"
kyverno/subject: "Pod"
digest: 5cd9385a1a04963b0d35bb97bf96df95c339ddcf50a463a6aa00aab45a1a4a9d
createdAt: "2023-12-04T09:04:49Z"
1 change: 1 addition & 0 deletions pod-security-cel/restricted/require-run-as-non-root-user/artifacthub-pkg.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,3 +20,4 @@ annotations:
kyverno/kubernetesVersion: "1.26-1.27"
kyverno/subject: "Pod"
digest: 00cbb639cdee5eadda13bd1716a853e4f499123790a42da00750c2b180986e5f
createdAt: "2023-12-04T09:04:49Z"
1 change: 1 addition & 0 deletions pod-security-cel/restricted/require-run-as-nonroot/artifacthub-pkg.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,3 +20,4 @@ annotations:
kyverno/kubernetesVersion: "1.26-1.27"
kyverno/subject: "Pod"
digest: eb0261435598813cea36c9084504a3e06bfe5b467a8b981289d3032bddee83ac
createdAt: "2023-12-04T09:04:49Z"
1 change: 1 addition & 0 deletions pod-security-cel/restricted/restrict-seccomp-strict/artifacthub-pkg.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,3 +20,4 @@ annotations:
kyverno/kubernetesVersion: "1.26-1.27"
kyverno/subject: "Pod"
digest: f3e7aeef4cf853925df877b30910c5b1d6efc43a0b5d666b87f7f8e56b1fe358
createdAt: "2023-12-04T09:04:49Z"
1 change: 1 addition & 0 deletions pod-security-cel/restricted/restrict-volume-types/artifacthub-pkg.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,3 +20,4 @@ annotations:
kyverno/kubernetesVersion: "1.26-1.27"
kyverno/subject: "Pod,Volume"
digest: 69616bcd897f10ee6a6ee56e3cafa41157dec57051cfc8173636928537721677
createdAt: "2023-12-04T09:04:49Z"
2 changes: 1 addition & 1 deletion pod-security/restricted/disallow-capabilities-strict/01-enforce.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@ apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- script: |
sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' disallow-capabilities-strict.yaml | kubectl create -f -
sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' disallow-capabilities-strict.yaml | kubectl create -f -
2 changes: 1 addition & 1 deletion pod-security/restricted/disallow-capabilities-strict/artifacthub-pkg.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,4 @@ annotations:
kyverno/category: "Pod Security Standards (Restricted)"
kyverno/kubernetesVersion: "1.22-1.23"
kyverno/subject: "Pod"
digest: c9ad4e28dafebe6064adfd1a8256a88ca610b8d0d8aea1b23aa772f06b5d793a
digest: 6000c5c6e0a0b0f87d67dd9a382a871f301dc2daa02d649abfe9fa14d0bff253
2 changes: 1 addition & 1 deletion pod-security/restricted/disallow-capabilities-strict/disallow-capabilities-strict.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ metadata:
Adding capabilities other than `NET_BIND_SERVICE` is disallowed. In addition,
all containers must explicitly drop `ALL` capabilities.
spec:
validationFailureAction: audit
validationFailureAction: Audit
background: true
rules:
- name: require-drop-all
Expand Down
2 changes: 1 addition & 1 deletion pod-security/restricted/disallow-privilege-escalation/01-enforce.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@ apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- script: |
sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' disallow-privilege-escalation.yaml | kubectl create -f -
sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' disallow-privilege-escalation.yaml | kubectl create -f -
2 changes: 1 addition & 1 deletion pod-security/restricted/disallow-privilege-escalation/artifacthub-pkg.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,4 @@ annotations:
kyverno/category: "Pod Security Standards (Restricted)"
kyverno/kubernetesVersion: "1.22-1.23"
kyverno/subject: "Pod"
digest: e8ce822cc387d097b86c462e1ed2ccc0136395e0c42e0731b722ed31cef9042d
digest: 896f413ddf85259b6b61515bc6327ea9f6d9b4b76db43dec745cbd16dfcc9974
2 changes: 1 addition & 1 deletion pod-security/restricted/disallow-privilege-escalation/disallow-privilege-escalation.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ metadata:
Privilege escalation, such as via set-user-ID or set-group-ID file mode, should not be allowed.
This policy ensures the `allowPrivilegeEscalation` field is set to `false`.
spec:
validationFailureAction: audit
validationFailureAction: Audit
background: true
rules:
- name: privilege-escalation
Expand Down
2 changes: 1 addition & 1 deletion pod-security/restricted/require-run-as-non-root-user/01-enforce.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@ apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- script: |
sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' require-run-as-non-root-user.yaml | kubectl create -f -
sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' require-run-as-non-root-user.yaml | kubectl create -f -
2 changes: 1 addition & 1 deletion pod-security/restricted/require-run-as-non-root-user/artifacthub-pkg.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,4 @@ annotations:
kyverno/category: "Pod Security Standards (Restricted)"
kyverno/kubernetesVersion: "1.22-1.23"
kyverno/subject: "Pod"
digest: ba2f062dce7055a18dba8f45007cb89575be9e027bbd7c3d4a43115333dfea5d
digest: 51d4e6bf94bdf4139e904740b241f59d0c6ad82db5d41e34c8384183f60d97ad
2 changes: 1 addition & 1 deletion pod-security/restricted/require-run-as-non-root-user/require-run-as-non-root-user.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ metadata:
Containers must be required to run as non-root users. This policy ensures
`runAsUser` is either unset or set to a number greater than zero.
spec:
validationFailureAction: audit
validationFailureAction: Audit
background: true
rules:
- name: run-as-non-root-user
Expand Down
2 changes: 1 addition & 1 deletion pod-security/restricted/require-run-as-nonroot/01-enforce.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@ apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- script: |
sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' require-run-as-nonroot.yaml | kubectl create -f -
sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' require-run-as-nonroot.yaml | kubectl create -f -
2 changes: 1 addition & 1 deletion pod-security/restricted/require-run-as-nonroot/artifacthub-pkg.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,4 @@ annotations:
kyverno/category: "Pod Security Standards (Restricted)"
kyverno/kubernetesVersion: "1.22-1.23"
kyverno/subject: "Pod"
digest: 6b662e81d2e326be2844f05a81ba92a938006514b0d7dd0c15aa2ab526c7077b
digest: 41b892b201760036c88b6f6763db2e330aa1f5d03064e77ec38d6c6bbc5ff587
2 changes: 1 addition & 1 deletion pod-security/restricted/require-run-as-nonroot/require-run-as-nonroot.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ metadata:
`runAsNonRoot` is set to `true`. A known issue prevents a policy such as this
using `anyPattern` from being persisted properly in Kubernetes 1.23.0-1.23.2.
spec:
validationFailureAction: audit
validationFailureAction: Audit
background: true
rules:
- name: run-as-non-root
Expand Down
2 changes: 1 addition & 1 deletion pod-security/restricted/restrict-seccomp-strict/01-enforce.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@ apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- script: |
sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' restrict-seccomp-strict.yaml | kubectl create -f -
sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' restrict-seccomp-strict.yaml | kubectl create -f -
2 changes: 1 addition & 1 deletion pod-security/restricted/restrict-seccomp-strict/artifacthub-pkg.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,4 @@ annotations:
kyverno/category: "Pod Security Standards (Restricted)"
kyverno/kubernetesVersion: "1.22-1.23"
kyverno/subject: "Pod"
digest: 303a7f45eadad3b128126f5ae05dd2e9c3a24279034d6b89051127e4f7c39322
digest: ccde04c25c74488da3ef02e15a4185c8b34218e817b8976d0536cdfb05b912f4
2 changes: 1 addition & 1 deletion pod-security/restricted/restrict-seccomp-strict/restrict-seccomp-strict.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ metadata:
using `anyPattern` from being persisted properly in Kubernetes 1.23.0-1.23.2.
spec:
background: true
validationFailureAction: audit
validationFailureAction: Audit
rules:
- name: check-seccomp-strict
match:
Expand Down
2 changes: 1 addition & 1 deletion pod-security/restricted/restrict-volume-types/01-enforce.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,6 @@ apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- script: |
sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' restrict-volume-types.yaml | kubectl create -f -
sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' restrict-volume-types.yaml | kubectl create -f -
apply:
- ns.yaml
2 changes: 1 addition & 1 deletion pod-security/restricted/restrict-volume-types/artifacthub-pkg.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,4 @@ annotations:
kyverno/category: "Pod Security Standards (Restricted)"
kyverno/kubernetesVersion: "1.22-1.23"
kyverno/subject: "Pod,Volume"
digest: f050ec83c6176c4124cb678418bba7326d9885bd23ee9669e19761d8ec8a0cf2
digest: 66179d39a81d5c556ff011609a38509aa579a8cb7f63fbf241579f327052ee05
2 changes: 1 addition & 1 deletion pod-security/restricted/restrict-volume-types/restrict-volume-types.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ metadata:
limits usage of non-core volume types to those defined through PersistentVolumes.
This policy blocks any other type of volume other than those in the allow list.
spec:
validationFailureAction: audit
validationFailureAction: Audit
background: true
rules:
- name: restricted-volumes
Expand Down

0 comments on commit b83bfbb

Please sign in to comment.