generated from kubewarden/go-policy-template
-
Notifications
You must be signed in to change notification settings - Fork 2
/
artifacthub-pkg.yml
77 lines (77 loc) · 2.38 KB
/
artifacthub-pkg.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# Kubewarden Artifacthub Package config
#
# Use this config to submit the policy to https://artifacthub.io.
#
# This config can be saved to its default location with:
# kwctl scaffold artifacthub > artifacthub-pkg.yml
version: 0.1.11
name: volumes-psp
displayName: Volumes PSP
createdAt: 2023-10-16T15:01:17.611345913Z
description: Pod Security Policy that controls usage of volumes
license: Apache-2.0
homeURL: https://github.com/kubewarden/volumes-psp-policy
containersImages:
- name: policy
image: ghcr.io/kubewarden/policies/volumes-psp:v0.1.11
keywords:
- psp
- pod
- volumes
links:
- name: policy
url: https://github.com/kubewarden/volumes-psp-policy/releases/download/v0.1.11/policy.wasm
- name: source
url: https://github.com/kubewarden/volumes-psp-policy
install: |
The policy can be obtained using [`kwctl`](https://github.com/kubewarden/kwctl):
```console
kwctl pull ghcr.io/kubewarden/policies/volumes-psp:v0.1.11
```
Then, generate the policy manifest and tune it to your liking. For example:
```console
kwctl scaffold manifest -t ClusterAdmissionPolicy registry://ghcr.io/kubewarden/policies/volumes-psp:v0.1.11
```
maintainers:
- name: Kubewarden developers
email: [email protected]
provider:
name: kubewarden
recommendations:
- url: https://artifacthub.io/packages/helm/kubewarden/kubewarden-controller
annotations:
kubewarden/mutation: 'false'
kubewarden/questions-ui: |
questions:
- default: null
description: >-
Replacement for the Kubernetes Pod Security Policy that controls the usage
of volumes in pods. The policy takes the list of the allowed volume types
using the allowedTypes setting. The special value * can be used to allow all
kind of volumes.
group: Settings
required: false
hide_input: true
type: string
variable: description
- default: []
description: ''
tooltip: >-
A list of the allowed volume types. Note: no other value can be specified
together with *. For example, allowedTypes: ['*', 'configMap'] is not a
valid configuration setting.
group: Settings
label: Allowed types
required: false
type: array[
variable: allowedTypes
kubewarden/resources: Pod
kubewarden/rules: |
- apiGroups:
- ''
apiVersions:
- v1
resources:
- pods
operations:
- CREATE