mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 09:26:54 +00:00
Code Activity
kyverno/cmd/cli/kubectl-kyverno/_testdata/policies-invalid/artifacthub-pkg.yml
Jim Bugwadia 6d48a185d1
Fix cli load policies from fs (#10270) 
* skip invalid policy files

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix file-system policy loader

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* propagate policy schema error

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

---------

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2024-05-21 15:17:49 +08:00

22 lines
No EOL
1.8 KiB
YAML
Raw Blame History

name: add-network-policy
version: 1.0.0
displayName: Add Network Policy
createdAt: "2023-04-10T19:47:15.000Z"
description: >-
By default, Kubernetes allows communications across all Pods within a cluster. The NetworkPolicy resource and a CNI plug-in that supports NetworkPolicy must be used to restrict communications. A default NetworkPolicy should be configured for each Namespace to default deny all ingress and egress traffic to the Pods in the Namespace. Application teams can then configure additional NetworkPolicy resources to allow desired traffic to application Pods from select sources. This policy will create a new NetworkPolicy resource named `default-deny` which will deny all traffic anytime a new Namespace is created.
install: |-
```shell
kubectl apply -f https://raw.githubusercontent.com/kyverno/policies/main/best-practices/add-network-policy/add-network-policy.yaml
```
keywords:
- kyverno
- Multi-Tenancy
- EKS Best Practices
readme: |
By default, Kubernetes allows communications across all Pods within a cluster. The NetworkPolicy resource and a CNI plug-in that supports NetworkPolicy must be used to restrict communications. A default NetworkPolicy should be configured for each Namespace to default deny all ingress and egress traffic to the Pods in the Namespace. Application teams can then configure additional NetworkPolicy resources to allow desired traffic to application Pods from select sources. This policy will create a new NetworkPolicy resource named `default-deny` which will deny all traffic anytime a new Namespace is created.
Refer to the documentation for more details on Kyverno annotations: https://artifacthub.io/docs/topics/annotations/kyverno/
annotations:
kyverno/category: "Multi-Tenancy, EKS Best Practices"
kyverno/subject: "NetworkPolicy"
digest: d01c7f24cf053549534bba5b98cc479ee0e5a4a01f810b8a45d11c86b26d846e
View git blame Copy permalink