-
Notifications
You must be signed in to change notification settings - Fork 2
/
artifacthub-pkg.yml
142 lines (142 loc) · 3.83 KB
/
artifacthub-pkg.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
# Kubewarden Artifacthub Package config
#
# Use this config to submit the policy to https://artifacthub.io.
#
# This config can be saved to its default location with:
# kwctl scaffold artifacthub > artifacthub-pkg.yml
version: 0.1.7
name: environment-variable-policy
displayName: Environment Variable Policy
createdAt: 2024-06-13T21:14:11.314795321Z
description: A Kubewarden Policy that controls the usage of environment variables
license: Apache-2.0
homeURL: https://github.com/kubewarden/environment-variable-policy
containersImages:
- name: policy
image: ghcr.io/kubewarden/policies/environment-variable-policy:v0.1.7
keywords:
- deployment
- replicaset
- statefulset
- daemonset
- replicationcontroller
- job
- cronjob
- pod
- container
- environment-variables
links:
- name: policy
url: https://github.com/kubewarden/environment-variable-policy/releases/download/v0.1.7/policy.wasm
- name: source
url: https://github.com/kubewarden/environment-variable-policy
install: |
The policy can be obtained using [`kwctl`](https://github.com/kubewarden/kwctl):
```console
kwctl pull ghcr.io/kubewarden/policies/environment-variable-policy:v0.1.7
```
Then, generate the policy manifest and tune it to your liking. For example:
```console
kwctl scaffold manifest -t ClusterAdmissionPolicy registry://ghcr.io/kubewarden/policies/environment-variable-policy:v0.1.7
```
maintainers:
- name: Kubewarden developers
email: [email protected]
provider:
name: kubewarden
recommendations:
- url: https://artifacthub.io/packages/helm/kubewarden/kubewarden-controller
annotations:
kubewarden/mutation: 'false'
kubewarden/questions-ui: |-
questions:
- default: null
description: >-
Each rule defined in the policy settings is composed by a reject operator
and a set of the environment variables used with the operator against the
environment variables from the resources. The rules are evaluated in the
order that they are defined. The resource is denied in the first failed
evaluated rule.
group: Settings
label: Description
required: false
hide_input: true
type: string
variable: description
- default: []
group: Settings
label: Rules
hide_input: true
type: sequence[
variable: rules
sequence_questions:
- default: anyIn
group: Settings
label: Reject Operator
options:
- anyIn
- anyNotIn
- allAreUsed
- notAllAreUsed
required: false
type: enum
variable: reject
- default: []
description: ''
group: Settings
label: Environment Variables
hide_input: true
type: sequence[
variable: environmentVariables
sequence_questions:
- default: ''
group: Settings
label: Name
type: string
variable: name
- default: ''
group: Settings
label: Value
type: string
variable: value
kubewarden/resources: Deployment,Replicaset,Statefulset,Daemonset,Replicationcontroller,Job,Cronjob,Pod
kubewarden/rules: |
- apiGroups:
- ''
apiVersions:
- v1
resources:
- pods
operations:
- CREATE
- apiGroups:
- ''
apiVersions:
- v1
resources:
- replicationcontrollers
operations:
- CREATE
- UPDATE
- apiGroups:
- apps
apiVersions:
- v1
resources:
- deployments
- replicasets
- statefulsets
- daemonsets
operations:
- CREATE
- UPDATE
- apiGroups:
- batch
apiVersions:
- v1
resources:
- jobs
- cronjobs
operations:
- CREATE
- UPDATE