generated from kubewarden/go-policy-template
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathartifacthub-pkg.yml
88 lines (88 loc) · 2.72 KB
/
artifacthub-pkg.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# Kubewarden Artifacthub Package config
#
# Use this config to submit the policy to https://artifacthub.io.
#
# This config can be saved to its default location with:
# kwctl scaffold artifacthub > artifacthub-pkg.yml
version: 0.1.14
name: safe-labels
displayName: Safe Labels
createdAt: 2023-10-16T08:31:39.047026359Z
description: A policy that validates Kubernetes' resource labels
license: Apache-2.0
homeURL: https://github.com/kubewarden/safe-labels-policy
containersImages:
- name: policy
image: ghcr.io/kubewarden/policies/safe-labels:v0.1.14
keywords:
- labels
links:
- name: policy
url: https://github.com/kubewarden/safe-labels-policy/releases/download/v0.1.14/policy.wasm
- name: source
url: https://github.com/kubewarden/safe-labels-policy
install: |
The policy can be obtained using [`kwctl`](https://github.com/kubewarden/kwctl):
```console
kwctl pull ghcr.io/kubewarden/policies/safe-labels:v0.1.14
```
Then, generate the policy manifest and tune it to your liking. For example:
```console
kwctl scaffold manifest -t ClusterAdmissionPolicy registry://ghcr.io/kubewarden/policies/safe-labels:v0.1.14
```
maintainers:
- name: Kubewarden developers
email: [email protected]
provider:
name: kubewarden
recommendations:
- url: https://artifacthub.io/packages/helm/kubewarden/kubewarden-controller
annotations:
kubewarden/mutation: 'false'
kubewarden/questions-ui: |
questions:
- default: null
description: >-
This policy validates the labels of generic Kubernetes objects. It rejects
all the resources that use one or more labels on the deny list. It also
allows you to put constraints on specific labels. The constraints are
expressed as regular expression. It will also allow you to require specific
labels to be part of the resource.
group: Settings
label: Description
required: false
hide_input: true
type: map
variable: description
- default: []
description: A list of labels that cannot be used
group: Settings
label: Denied labels
required: false
type: array[
variable: denied_labels
- default: []
description: A list of labels that must be defined
group: Settings
label: Mandatory labels
required: false
type: array[
variable: mandatory_labels
- default: {}
tooltip: Annotations that are validated with user-defined RegExp
group: Settings
label: Constrained labels
target: true
type: map[
variable: constrained_labels
kubewarden/resources: '*'
kubewarden/rules: |
- apiGroups:
- '*'
apiVersions:
- '*'
resources:
- '*'
operations:
- CREATE
- UPDATE