Commit
Merge pull request #488 from chipzoller/main
Policy updates
Showing 70 changed files with 749 additions and 315 deletions.
consul/enforce-min-tls-version/enforce-min-tls-version.yaml (53 changes: 27 additions & 26 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,30 +1,31 @@ | ||
apiVersion: kyverno.io/v1 | ||
kind: ClusterPolicy | ||
metadata: | ||
name: enforce-min-tls-version | ||
annotations: | ||
policies.kyverno.io/title: Enforce Consul min TLS version | ||
policies.kyverno.io/category: Consul | ||
policies.kyverno.io/severity: medium | ||
policies.kyverno.io/subject: Mesh | ||
kyverno.io/kyverno-version: 1.8.0 | ||
policies.kyverno.io/minversion: 1.6.0 | ||
kyverno.io/kubernetes-version: "1.24" | ||
policies.kyverno.io/description: >- | ||
This policy will check the TLS Min version to ensure that whenever the mesh is set, there is a minimum version of TLS set for all the service mesh proxies and this enforces that service mesh mTLS traffic uses TLS v1.2 or newer. | ||
name: enforce-min-tls-version | ||
annotations: | ||
policies.kyverno.io/title: Enforce Consul min TLS version | ||
policies.kyverno.io/category: Consul | ||
policies.kyverno.io/severity: medium | ||
policies.kyverno.io/subject: Mesh | ||
kyverno.io/kyverno-version: 1.8.0 | ||
policies.kyverno.io/minversion: 1.6.0 | ||
kyverno.io/kubernetes-version: "1.24" | ||
policies.kyverno.io/description: >- | ||
This policy will check the TLS Min version to ensure that whenever the mesh is set, there is a minimum version of TLS set for all the service mesh proxies and this enforces that service mesh mTLS traffic uses TLS v1.2 or newer. | ||
spec: | ||
validationFailureAction: enforce | ||
background: true | ||
rules: | ||
- name: check-for-tls-version | ||
match: | ||
resources: | ||
kinds: | ||
- Mesh | ||
validate: | ||
message: The minimum version of TLS is TLS v1_2 | ||
pattern: | ||
spec: | ||
tls: | ||
incoming: | ||
tlsMinVersion: TLSv1_2 | ||
validationFailureAction: enforce | ||
background: true | ||
rules: | ||
- name: check-for-tls-version | ||
match: | ||
any: | ||
- resources: | ||
kinds: | ||
- Mesh | ||
validate: | ||
message: The minimum version of TLS is TLS v1_2 | ||
pattern: | ||
spec: | ||
tls: | ||
incoming: | ||
tlsMinVersion: TLSv1_2 |
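Review bot: the description carried into the added lines ("TLS v1.2 or newer") does not match what the pattern at the end of the hunk enforces. `tlsMinVersion: TLSv1_2` is an exact-match pattern, so a Mesh that sets `tlsMinVersion: TLSv1_3` is rejected even though it meets the stated intent. If newer versions are meant to pass, accept them explicitly with Kyverno's pattern OR operator, e.g. `tlsMinVersion: "TLSv1_2 | TLSv1_3"`, and make the `message` state the field and the accepted values (for example "spec.tls.incoming.tlsMinVersion must be TLSv1_2 or TLSv1_3"); otherwise reword the description to say exactly TLSv1_2 so the policy, its message and its documentation agree. The move from `match.resources` to `match.any[].resources` itself looks correct and the remaining lines are unchanged apart from indentation.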