Fix remediation URL (#75)

Fixed the remediation URL for PSS restricted profile

charts/pod-security-restricted/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: pss-restricted-policies
 description: Pod Security Standards (restricted) policy set
 type: application
-version: 0.2.1
+version: 0.2.2
 appVersion: 0.1.0
 keywords:
   - kubernetes

charts/pod-security-restricted/pols/disallow-capabilities-strict.yaml

@@ -10,7 +10,7 @@ metadata:
     kyverno.io/kyverno-version: 1.6.0
     kyverno.io/kubernetes-version: "1.22-1.23"
     policies.kyverno.io/subject: Pod
-    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/baseline/disallow-capabilities-strict/"
+    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/restricted/disallow-capabilities-strict/"
     policies.kyverno.io/description: >-
       Adding capabilities other than `NET_BIND_SERVICE` is disallowed. In addition,
       all containers must explicitly drop `ALL` capabilities.

charts/pod-security-restricted/pols/disallow-privilege-escalation.yaml

@@ -9,7 +9,7 @@ metadata:
     policies.kyverno.io/subject: Pod
     kyverno.io/kyverno-version: 1.6.0
     kyverno.io/kubernetes-version: "1.22-1.23"
-    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/baseline/disallow-privilege-escalation/"
+    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/restricted/disallow-privilege-escalation/"
     policies.kyverno.io/description: >-
       Privilege escalation, such as via set-user-ID or set-group-ID file mode, should not be allowed.
       This policy ensures the `allowPrivilegeEscalation` field is set to `false`.

charts/pod-security-restricted/pols/require-run-as-non-root-user.yaml

@@ -9,7 +9,7 @@ metadata:
     policies.kyverno.io/subject: Pod
     kyverno.io/kyverno-version: 1.6.0
     kyverno.io/kubernetes-version: "1.22-1.23"
-    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/baseline/require-run-as-non-root-user/"
+    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/restricted/require-run-as-non-root-user/"
     policies.kyverno.io/description: >-
       Containers must be required to run as non-root users. This policy ensures
       `runAsUser` is either unset or set to a number greater than zero.

charts/pod-security-restricted/pols/require-run-as-nonroot.yaml

@@ -9,7 +9,7 @@ metadata:
     policies.kyverno.io/subject: Pod
     kyverno.io/kyverno-version: 1.6.0
     kyverno.io/kubernetes-version: "1.22-1.23"
-    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/baseline/require-run-as-non-root/"
+    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/restricted/require-run-as-non-root/"
     policies.kyverno.io/description: >-
       Containers must be required to run as non-root users. This policy ensures
       `runAsNonRoot` is set to `true`. A known issue prevents a policy such as this

charts/pod-security-restricted/pols/restrict-seccomp-strict.yaml

@@ -9,7 +9,7 @@ metadata:
     policies.kyverno.io/subject: Pod
     kyverno.io/kyverno-version: 1.6.0
     kyverno.io/kubernetes-version: "1.22-1.23"
-    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/baseline/restrict-seccomp-strict/"
+    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/restricted/restrict-seccomp-strict/"
     policies.kyverno.io/description: >-
       The seccomp profile in the Restricted group must not be explicitly set to Unconfined
       but additionally must also not allow an unset value. This policy, 

charts/pod-security-restricted/pols/restrict-volume-types.yaml

@@ -10,7 +10,7 @@ metadata:
     policies.kyverno.io/minversion: 1.6.0
     kyverno.io/kubernetes-version: "1.22-1.23"
     kyverno.io/kyverno-version: 1.6.0
-    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/baseline/restrict-volume-types/"
+    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/restricted/baseline/restrict-volume-types/"
     policies.kyverno.io/description: >-
       In addition to restricting HostPath volumes, the restricted pod security profile
       limits usage of non-core volume types to those defined through PersistentVolumes.
@@ -32,16 +32,16 @@ spec:
         deny:
           conditions:
             all:
-            - key: "{{ request.object.spec.volumes[].keys(@)[] || '' }}"
-              operator: AnyNotIn
-              value:
-                - name
-                - configMap
-                - csi
-                - downwardAPI
-                - emptyDir
-                - ephemeral
-                - persistentVolumeClaim
-                - projected
-                - secret
-                - ""
+              - key: "{{ request.object.spec.volumes[].keys(@)[] || '' }}"
+                operator: AnyNotIn
+                value:
+                  - name
+                  - configMap
+                  - csi
+                  - downwardAPI
+                  - emptyDir
+                  - ephemeral
+                  - persistentVolumeClaim
+                  - projected
+                  - secret
+                  - ""

pod-security/restricted/disallow-capabilities-strict/disallow-capabilities-strict.yaml

@@ -10,7 +10,7 @@ metadata:
     kyverno.io/kyverno-version: 1.6.0
     kyverno.io/kubernetes-version: "1.22-1.23"
     policies.kyverno.io/subject: Pod
-    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/baseline/disallow-capabilities-strict/"
+    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/restricted/disallow-capabilities-strict/"
     policies.kyverno.io/description: >-
       Adding capabilities other than `NET_BIND_SERVICE` is disallowed. In addition,
       all containers must explicitly drop `ALL` capabilities.

pod-security/restricted/disallow-privilege-escalation/disallow-privilege-escalation.yaml

@@ -9,7 +9,7 @@ metadata:
     policies.kyverno.io/subject: Pod
     kyverno.io/kyverno-version: 1.6.0
     kyverno.io/kubernetes-version: "1.22-1.23"
-    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/baseline/disallow-privilege-escalation/"
+    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/restricted/disallow-privilege-escalation/"
     policies.kyverno.io/description: >-
       Privilege escalation, such as via set-user-ID or set-group-ID file mode, should not be allowed.
       This policy ensures the `allowPrivilegeEscalation` field is set to `false`.

pod-security/restricted/require-run-as-non-root-user/require-run-as-non-root-user.yaml

@@ -9,7 +9,7 @@ metadata:
     policies.kyverno.io/subject: Pod
     kyverno.io/kyverno-version: 1.6.0
     kyverno.io/kubernetes-version: "1.22-1.23"
-    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/baseline/require-run-as-non-root-user/"
+    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/restricted/require-run-as-non-root-user/"
     policies.kyverno.io/description: >-
       Containers must be required to run as non-root users. This policy ensures
       `runAsUser` is either unset or set to a number greater than zero.

pod-security/restricted/require-run-as-nonroot/require-run-as-nonroot.yaml

@@ -9,7 +9,7 @@ metadata:
     policies.kyverno.io/subject: Pod
     kyverno.io/kyverno-version: 1.6.0
     kyverno.io/kubernetes-version: "1.22-1.23"
-    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/baseline/require-run-as-non-root/"
+    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/restricted/require-run-as-non-root/"
     policies.kyverno.io/description: >-
       Containers must be required to run as non-root users. This policy ensures
       `runAsNonRoot` is set to `true`. A known issue prevents a policy such as this

pod-security/restricted/restrict-seccomp-strict/restrict-seccomp-strict.yaml

@@ -9,7 +9,7 @@ metadata:
     policies.kyverno.io/subject: Pod
     kyverno.io/kyverno-version: 1.6.0
     kyverno.io/kubernetes-version: "1.22-1.23"
-    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/baseline/restrict-seccomp-strict/"
+    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/restricted/restrict-seccomp-strict/"
     policies.kyverno.io/description: >-
       The seccomp profile in the Restricted group must not be explicitly set to Unconfined
       but additionally must also not allow an unset value. This policy, 

pod-security/restricted/restrict-volume-types/restrict-volume-types.yaml

@@ -10,7 +10,7 @@ metadata:
     policies.kyverno.io/minversion: 1.6.0
     kyverno.io/kubernetes-version: "1.22-1.23"
     kyverno.io/kyverno-version: 1.6.0
-    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/baseline/restrict-volume-types/"
+    policies.nirmata.io/remediation: "https://docs.nirmata.io/policysets/podsecurity/restricted/restrict-volume-types/"
     policies.kyverno.io/description: >-
       In addition to restricting HostPath volumes, the restricted pod security profile
       limits usage of non-core volume types to those defined through PersistentVolumes.