-
Notifications
You must be signed in to change notification settings - Fork 4
/
metadata.yml
66 lines (66 loc) · 2.21 KB
/
metadata.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
rules:
- apiGroups:
- ""
apiVersions:
- v1
resources:
- pods
operations:
- CREATE
- apiGroups:
- ""
apiVersions:
- v1
resources:
- replicationcontrollers
operations:
- CREATE
- UPDATE
- apiGroups:
- apps
apiVersions:
- v1
resources:
- deployments
- replicasets
- statefulsets
- daemonsets
operations:
- CREATE
- UPDATE
- apiGroups:
- batch
apiVersions:
- v1
resources:
- jobs
- cronjobs
operations:
- CREATE
- UPDATE
mutating: true
contextAware: false
executionMode: kubewarden-wapc
# Consider the policy for the background audit scans. Default is true. Note the
# intrinsic limitations of the background audit feature on docs.kubewarden.io;
# If your policy hits any limitations, set to false for the audit feature to
# skip this policy and not generate false positives.
backgroundAudit: true
annotations:
# artifacthub specific:
io.artifacthub.displayName: Container Resources
io.artifacthub.resources: Pod, Replicationcontroller, Deployments, Replicaset, Statefulset, Daemonset, Job, Cronjob
io.artifacthub.keywords: container, resources
io.kubewarden.policy.ociUrl: ghcr.io/kubewarden/policies/container-resources # must match release workflow oci-target
# kubewarden specific:
io.kubewarden.policy.title: container-resources
io.kubewarden.policy.description: Policy is designed to enforce constraints on the resource requirements of Kubernetes containers
io.kubewarden.policy.author: "Kubewarden developers <[email protected]>"
io.kubewarden.policy.url: https://github.com/kubewarden/container-resources-policy
io.kubewarden.policy.source: https://github.com/kubewarden/container-resources-policy
io.kubewarden.policy.license: Apache-2.0
# The next two annotations are used in the policy report generated by the
# Audit scanner. Severity indicates policy check result criticality and
# Category indicates policy category. See more here at docs.kubewarden.io
io.kubewarden.policy.severity: medium # one of info, low, medium, high, critical. See docs.
io.kubewarden.policy.category: Resource validation