Skip to content

Commit

Permalink
chore: chart version bump
Browse files Browse the repository at this point in the history 
Signed-off-by: Ved Ratan <[email protected]>
  • Loading branch information
@VedRatan
VedRatan committed Aug 9, 2024
1 parent f2bcb8b commit 459b449
Show file tree
Hide file tree
Showing 3 changed files with 58 additions and 58 deletions.
2 changes: 1 addition & 1 deletion charts/rbac-best-practices/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: rbac-best-practice-policies
description: Rbac Best Practice policy set
type: application
version: 0.2.0
version: 0.2.1
appVersion: 0.1.0
keywords:
- kubernetes
Expand Down
56 changes: 56 additions & 0 deletions charts/rbac-best-practices/pols/restrict-automount-sa-token.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,62 @@ spec:
- resources:
kinds:
- Pod
exclude:
any:
- resources:
kinds:
- Pod
selector:
matchLabels:
app: nirmata-kube-controller
- resources:
kinds:
- Pod
selector:
matchLabels:
app: otel-agent
- resources:
kinds:
- Pod
selector:
matchLabels:
app.kubernetes.io/name: nirmata-kyverno-operator
- resources:
kinds:
- Pod
selector:
matchLabels:
app.kubernetes.io/component: admission-controller
- resources:
kinds:
- Pod
selector:
matchLabels:
app.kubernetes.io/component: cleanup-controller
- resources:
kinds:
- Pod
selector:
matchLabels:
app.kubernetes.io/component: background-controller
- resources:
kinds:
- Pod
selector:
matchLabels:
app.kubernetes.io/component: reports-controller
- resources:
kinds:
- Pod
selector:
matchLabels:
batch.kubernetes.io/job-name: "kyverno-cleanup-admission-reports-*"
- resources:
kinds:
- Pod
selector:
matchLabels:
batch.kubernetes.io/job-name=kyverno: "cleanup-cluster-admission-reports-*"
preconditions:
all:
- key: "{{ request.\"object\".metadata.labels.\"app.kubernetes.io/part-of\" || '' }}"
Expand Down
58 changes: 1 addition & 57 deletions rbac-best-practices/restrict-automount-sa-token/restrict-automount-sa-token.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,62 +24,6 @@ spec:
- resources:
kinds:
- Pod
exclude:
any:
- resources:
kinds:
- Pod
selector:
matchLabels:
app: nirmata-kube-controller
- resources:
kinds:
- Pod
selector:
matchLabels:
app: otel-agent
- resources:
kinds:
- Pod
selector:
matchLabels:
app.kubernetes.io/name: nirmata-kyverno-operator
- resources:
kinds:
- Pod
selector:
matchLabels:
app.kubernetes.io/component: admission-controller
- resources:
kinds:
- Pod
selector:
matchLabels:
app.kubernetes.io/component: cleanup-controller
- resources:
kinds:
- Pod
selector:
matchLabels:
app.kubernetes.io/component: background-controller
- resources:
kinds:
- Pod
selector:
matchLabels:
app.kubernetes.io/component: reports-controller
- resources:
kinds:
- Pod
selector:
matchLabels:
batch.kubernetes.io/job-name: "kyverno-cleanup-admission-reports-*"
- resources:
kinds:
- Pod
selector:
matchLabels:
batch.kubernetes.io/job-name=kyverno: "cleanup-cluster-admission-reports-*"
preconditions:
all:
- key: "{{ request.\"object\".metadata.labels.\"app.kubernetes.io/part-of\" || '' }}"
Expand All @@ -89,4 +33,4 @@ spec:
message: "Auto-mounting of Service Account tokens is not allowed."
pattern:
spec:
automountServiceAccountToken: "false"
automountServiceAccountToken: "false"

0 comments on commit 459b449

Please sign in to comment.