artifacthub-pkg.yml
# Kubewarden Artifacthub Package config
#
# Use this config to submit the policy to https://artifacthub.io.
#
# This config can be saved to its default location with:
# kwctl scaffold artifacthub > artifacthub-pkg.yml
version: 0.1.3
name: psa-label-enforcer
displayName: PSA Label Enforcer
createdAt: 2023-12-22T10:30:01.304148938Z
description: Policy to ensure that namespaces have the required PSA labels configuration for deployment in the cluster.
license: Apache-2.0
homeURL: https://github.com/kubewarden/psa-label-enforcer
containersImages:
- name: policy
  image: ghcr.io/kubewarden/policies/psa-label-enforcer:v0.1.3
keywords:
- namespace
- psa
- kubewarden
links:
- name: policy
  url: https://github.com/kubewarden/psa-label-enforcer/releases/download/v0.1.3/policy.wasm
- name: source
  url: https://github.com/kubewarden/psa-label-enforcer
install: |
  The policy can be obtained using [`kwctl`](https://github.com/kubewarden/kwctl):
  ```console
  kwctl pull ghcr.io/kubewarden/policies/psa-label-enforcer:v0.1.3
  ```
  Then, generate the policy manifest and tune it to your liking. For example:
  ```console
  kwctl scaffold manifest -t ClusterAdmissionPolicy registry://ghcr.io/kubewarden/policies/psa-label-enforcer:v0.1.3
  ```
maintainers:
- name: Kubewarden developers
  email: [email protected]
provider:
  name: kubewarden
recommendations:
- url: https://artifacthub.io/packages/helm/kubewarden/kubewarden-controller
annotations:
  kubewarden/mutation: 'true'
  kubewarden/questions-ui: |
    questions:
    - default: null
      description: >-
        This policy ensures that namespaces have the required PSA labels configuration for deployment in the cluster. The policy validates whether the PSA labels defined in the namespace comply with the configuration specified in the policy settings. If the labels do not match the configuration, the policy will modify the required labels to meet the requirements.
      group: Settings
      label: Description
      required: false
      hide_input: true
      type: string
      variable: description
    - default: {}
      description: >-
        The policy settings consist of fields where the user can define the pod security levels and versions to be used in the deployed namespace. While it is not necessary to define all the modes in the policy settings, at least one mode must be defined, with or without the mode version. The mode level fields allow three values: baseline, restricted, and privileged. It is not permitted to define the mode version without specifying the mode level. The mode version must follow the v<major>.<minor> version pattern or use the latest value.
      label: Modes
      hide_input: true
      type: map[
      variable: modes
      subquestions:
      - default: ''
        group: Settings
        label: Enforce
        options:
        - baseline
        - restricted
        - privileged
        type: enum
        variable: modes.enforce
      - default: ''
        group: Settings
        label: Enforce Version
        type: string
        variable: modes.enforce-version
      - default: ''
        group: Settings
        label: Audit
        options:
        - baseline
        - restricted
        - privileged
        type: enum
        variable: modes.audit
      - default: ''
        group: Settings
        label: Audit Version
        type: string
        variable: modes.audit-version
      - default: ''
        group: Settings
        label: Warn
        options:
        - baseline
        - restricted
        - privileged
        type: enum
        variable: modes.warn
      - default: ''
        group: Settings
        label: Warn Version
        type: string
        variable: modes.warn-version
  kubewarden/resources: Namespace
  kubewarden/rules: |
    - apiGroups:
      - ''
      apiVersions:
      - v1
      resources:
      - namespaces
      operations:
      - CREATE
      - UPDATE