Signed-off-by: gwg313 <gwg313@pm.me>
parent
ef827b2c69
commit
145721146e
35 changed files with 919 additions and 122 deletions
|
|
@ -3,5 +3,7 @@ kyverno:
|
|||
replicas: 2
|
||||
features:
|
||||
loggingFormat: text
|
||||
policyExceptions:
|
||||
enabled: true
|
||||
telemetry:
|
||||
enabled: false
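Review bot: `policyExceptions.enabled: true` turns on PolicyException handling without pinning the namespace exceptions are honoured from, so the effective scope is left to the chart default of whichever Kyverno version is deployed. The chart exposes `features.policyExceptions.namespace`; setting it to a dedicated, admin-only namespace (for example `namespace: kyverno`) keeps exceptions from being accepted wherever someone can create the resource. A short comment on the key, such as `# exceptions are honoured only from the namespace set below`, would record that intent. The rendered page does not show which of these lines the commit adds, so this applies to the new side as displayed.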
|
||||
|
|
|
|||
|
|
@ -11,6 +11,12 @@ spec:
|
|||
any:
|
||||
- resources:
|
||||
kinds: ["Pod"]
|
||||
exclude:
|
||||
any:
|
||||
- resources:
|
||||
namespaceSelector:
|
||||
matchLabels:
|
||||
policy.home.arpa/allow-hostpath: "true"
|
||||
|
||||
validate:
|
||||
message: "hostPath volumes are not allowed (escape risk)."
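Review bot: The `exclude` block exempts every Pod in any namespace labelled `policy.home.arpa/allow-hostpath: "true"`, so the hostPath rule is now only as strong as the control over who may label namespaces. Nothing visible in this hunk restricts that label; I would pair it with RBAC or a companion policy that limits setting it to cluster admins, and state that above the selector, e.g. `# namespace-wide exemption; this label may only be set by cluster admins`. The exemption also covers every hostPath path and every workload in the namespace, so narrowing the exclude to the specific workloads that need it would be tighter if they are known. The rule's opening lines and its validate pattern lie outside the hunk.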
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ metadata:
|
|||
policies.kyverno.io/description: >-
|
||||
Automatically provisions a baseline CiliumNetworkPolicy
|
||||
with default deny ingress and controlled DNS egress.
|
||||
argocd.argoproj.io/sync-options: Force=true,Replace=true
|
||||
argocd.argoproj.io/sync-options: Replace=true
|
||||
|
||||
spec:
|
||||
background: true
|
||||
|
|
@ -55,6 +55,8 @@ spec:
|
|||
metadata:
|
||||
labels:
|
||||
security-tier: baseline
|
||||
annotations:
|
||||
argocd.argoproj.io/sync-options: Prune=false
|
||||
|
||||
spec:
|
||||
endpointSelector: {}
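Review bot: The `argocd.argoproj.io/sync-options: Prune=false` annotation added to the generated CiliumNetworkPolicy's metadata has no comment explaining why it is there, and the first hunk's switch from `Force=true,Replace=true` to `Replace=true` on the policy itself is likewise unexplained. Presumably the annotation keeps Argo CD from deleting the Kyverno-generated default-deny baseline, which does not exist in Git; if so, a comment above `annotations:` such as `# generated by Kyverno, not in Git: Prune=false stops Argo CD from removing the default-deny baseline` would make that security intent explicit. It is also worth confirming that the generate rule's synchronization setting, which is outside this hunk, does not revert or fight the annotation. The enclosing generate rule starts before the hunk and continues past it.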
|
||||
|
|
|
|||