From 84cb5d17cef53d5a113946446e2d21b4221bbefc Mon Sep 17 00:00:00 2001 From: Parikshit Samant Date: Thu, 11 May 2023 23:25:04 +0530 Subject: [PATCH] change enforce policies to audit --- .../disallow_empty_ingress_host.yaml | 2 +- charts/best-practices-k8s/Chart.yaml | 2 +- charts/best-practices-k8s/pols/disallow_empty_ingress_host.yaml | 2 +- charts/best-practices-workload-security/Chart.yaml | 2 +- .../pols/disallow_empty_ingress_host.yaml | 2 +- pci-dss/restrict-basic-auth-secret.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/best-practices/disallow-empty-ingress-host/disallow_empty_ingress_host.yaml b/best-practices/disallow-empty-ingress-host/disallow_empty_ingress_host.yaml index db74f164..ed9b7e46 100644 --- a/best-practices/disallow-empty-ingress-host/disallow_empty_ingress_host.yaml +++ b/best-practices/disallow-empty-ingress-host/disallow_empty_ingress_host.yaml @@ -12,7 +12,7 @@ metadata: in order to be valid. This policy ensures that there is a hostname for each rule defined. spec: - validationFailureAction: enforce + validationFailureAction: audit background: false rules: - name: disallow-empty-ingress-host diff --git a/charts/best-practices-k8s/Chart.yaml b/charts/best-practices-k8s/Chart.yaml index 29486267..5574de32 100644 --- a/charts/best-practices-k8s/Chart.yaml +++ b/charts/best-practices-k8s/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubernetes-best-practice-policies description: Kubernetes Best Practice policy set type: application -version: 0.1.1 +version: 0.1.2 appVersion: 0.1.0 keywords: - kubernetes diff --git a/charts/best-practices-k8s/pols/disallow_empty_ingress_host.yaml b/charts/best-practices-k8s/pols/disallow_empty_ingress_host.yaml index a3436f46..7fb3671b 100644 --- a/charts/best-practices-k8s/pols/disallow_empty_ingress_host.yaml +++ b/charts/best-practices-k8s/pols/disallow_empty_ingress_host.yaml @@ -12,7 +12,7 @@ metadata: in order to be valid. This policy ensures that there is a hostname for each rule defined. spec: - validationFailureAction: enforce + validationFailureAction: audit background: false rules: - name: disallow-empty-ingress-host diff --git a/charts/best-practices-workload-security/Chart.yaml b/charts/best-practices-workload-security/Chart.yaml index 7d38e438..f16cf52f 100644 --- a/charts/best-practices-workload-security/Chart.yaml +++ b/charts/best-practices-workload-security/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: workload-security-best-practice-policies description: Workload Security Best Practice policy set type: application -version: 0.1.1 +version: 0.1.2 appVersion: 0.1.0 keywords: - kubernetes diff --git a/charts/best-practices-workload-security/pols/disallow_empty_ingress_host.yaml b/charts/best-practices-workload-security/pols/disallow_empty_ingress_host.yaml index a3436f46..7fb3671b 100644 --- a/charts/best-practices-workload-security/pols/disallow_empty_ingress_host.yaml +++ b/charts/best-practices-workload-security/pols/disallow_empty_ingress_host.yaml @@ -12,7 +12,7 @@ metadata: in order to be valid. This policy ensures that there is a hostname for each rule defined. spec: - validationFailureAction: enforce + validationFailureAction: audit background: false rules: - name: disallow-empty-ingress-host diff --git a/pci-dss/restrict-basic-auth-secret.yaml b/pci-dss/restrict-basic-auth-secret.yaml index c5924ae3..519a7204 100644 --- a/pci-dss/restrict-basic-auth-secret.yaml +++ b/pci-dss/restrict-basic-auth-secret.yaml @@ -13,7 +13,7 @@ metadata: Namespaces so Pods there have access. This policy will check for the username and password present in a secret. spec: - validationFailureAction: Enforce + validationFailureAction: audit background: true rules: - name: check-secrets