mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-31 03:45:17 +00:00
feat: support background mode configuration in kyverno-policies chart (#3299)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché
GitHub
parent
c4075af3d1
commit
c79b66d3a3
19 changed files with 20 additions and 18 deletions
|
|
@ -22,7 +22,7 @@ spec:
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
rules:
|
rules:
|
||||||
- name: adding-capabilities
|
- name: adding-capabilities
|
||||||
match:
|
match:
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,7 @@ spec:
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
rules:
|
rules:
|
||||||
- name: host-namespaces
|
- name: host-namespaces
|
||||||
match:
|
match:
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,7 @@ spec:
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
rules:
|
rules:
|
||||||
- name: host-path
|
- name: host-path
|
||||||
match:
|
match:
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,7 @@ spec:
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
rules:
|
rules:
|
||||||
- name: host-ports-none
|
- name: host-ports-none
|
||||||
match:
|
match:
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,7 @@ spec:
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
rules:
|
rules:
|
||||||
- name: host-process-containers
|
- name: host-process-containers
|
||||||
match:
|
match:
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,7 @@ spec:
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
rules:
|
rules:
|
||||||
- name: privileged-containers
|
- name: privileged-containers
|
||||||
match:
|
match:
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,7 @@ spec:
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
rules:
|
rules:
|
||||||
- name: check-proc-mount
|
- name: check-proc-mount
|
||||||
match:
|
match:
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,7 @@ spec:
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
rules:
|
rules:
|
||||||
- name: selinux-type
|
- name: selinux-type
|
||||||
match:
|
match:
|
||||||
|
|
|
||||||
|
|
@ -24,7 +24,7 @@ spec:
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
rules:
|
rules:
|
||||||
- name: app-armor
|
- name: app-armor
|
||||||
match:
|
match:
|
||||||
|
|
|
||||||
|
|
@ -18,7 +18,7 @@ metadata:
|
||||||
requiring Kubernetes v1.19 or later, ensures that seccomp is unset or
|
requiring Kubernetes v1.19 or later, ensures that seccomp is unset or
|
||||||
set to `RuntimeDefault` or `Localhost`.
|
set to `RuntimeDefault` or `Localhost`.
|
||||||
spec:
|
spec:
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
validationFailureAction: {{ .Values.validationFailureAction }}
|
validationFailureAction: {{ .Values.validationFailureAction }}
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
|
|
|
||||||
|
|
@ -25,7 +25,7 @@ spec:
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
rules:
|
rules:
|
||||||
- name: check-sysctls
|
- name: check-sysctls
|
||||||
match:
|
match:
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,7 @@ spec:
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
rules:
|
rules:
|
||||||
- name: check-runasgroup
|
- name: check-runasgroup
|
||||||
match:
|
match:
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,7 @@ spec:
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
rules:
|
rules:
|
||||||
- name: require-drop-all
|
- name: require-drop-all
|
||||||
match:
|
match:
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,7 @@ spec:
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
rules:
|
rules:
|
||||||
- name: privilege-escalation
|
- name: privilege-escalation
|
||||||
match:
|
match:
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,7 @@ spec:
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
rules:
|
rules:
|
||||||
- name: run-as-non-root-user
|
- name: run-as-non-root-user
|
||||||
match:
|
match:
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,7 @@ spec:
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
rules:
|
rules:
|
||||||
- name: run-as-non-root
|
- name: run-as-non-root
|
||||||
match:
|
match:
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,7 @@ metadata:
|
||||||
set to `RuntimeDefault` or `Localhost`. A known issue prevents a policy such as this
|
set to `RuntimeDefault` or `Localhost`. A known issue prevents a policy such as this
|
||||||
using `anyPattern` from being persisted properly in Kubernetes 1.23.0-1.23.2.
|
using `anyPattern` from being persisted properly in Kubernetes 1.23.0-1.23.2.
|
||||||
spec:
|
spec:
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
validationFailureAction: {{ .Values.validationFailureAction }}
|
validationFailureAction: {{ .Values.validationFailureAction }}
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
|
|
|
||||||
|
|
@ -24,7 +24,7 @@ spec:
|
||||||
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
{{- with concat (index .Values "validationFailureActionOverrides" "all") (default list (index .Values "validationFailureActionOverrides" $name)) }}
|
||||||
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
validationFailureActionOverrides: {{ toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
background: true
|
background: {{ .Values.background }}
|
||||||
rules:
|
rules:
|
||||||
- name: restricted-volumes
|
- name: restricted-volumes
|
||||||
match:
|
match:
|
||||||
|
|
|
||||||
|
|
@ -52,3 +52,5 @@ policyExclude: {}
|
||||||
nameOverride:
|
nameOverride:
|
||||||
# -- Additional labels
|
# -- Additional labels
|
||||||
customLabels: {}
|
customLabels: {}
|
||||||
|
# Policies background mode
|
||||||
|
background: true
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue