Adds demo folder #220

Open. Wants to merge 3 commits into base: pre-main.


santoshkal
Collaborator

This PR adds a demo folder with the commands for all the features of Genval, including genai implementation.
All the relevant template inputs, configs, and policies are available in the ./templates directory.

dryrunsecurity bot commented Nov 13, 2024

DryRun Security Summary

The GitHub Pull Request covers a wide range of updates to the Kubernetes API and related infrastructure, including changes to the admission control system, API discovery, and various Kubernetes API resource definitions, with a focus on improving the functionality and reliability of the Kubernetes platform.

Summary:

The changes in this GitHub Pull Request cover a wide range of updates to the Kubernetes API and related infrastructure. The changes span across several files and directories, including updates to the admission control system, API discovery, and various Kubernetes API resource definitions.

From an application security perspective, the key areas of focus are:

  1. Admission Control: The changes introduce updates to the Kubernetes admission control system, which is a critical security feature that allows for the enforcement of policies and validations on Kubernetes resources before they are persisted. The changes include updates to the ValidatingWebhookConfiguration, MutatingWebhookConfiguration, and related types.

  2. API Discovery: The changes include updates to the Kubernetes API discovery mechanism, which allows clients to discover and interact with the available Kubernetes APIs. Ensuring the security and reliability of the API discovery process is crucial for building secure Kubernetes-based applications.

  3. API Resource Definitions: The changes update various Kubernetes API resource definitions, such as those related to workloads (Deployments, StatefulSets, DaemonSets), storage versioning, and more. Reviewing these changes for potential security implications, such as access control, input validation, and resource management, is important.

  4. Generated Code: Many of the changes involve auto-generated code, which is a common practice in Kubernetes development. While the generated code itself is unlikely to introduce security vulnerabilities, it's important to ensure that the code generation process is secure and that the generated code is properly reviewed and tested.

Overall, the changes in this Pull Request appear to be focused on improving the functionality and reliability of the Kubernetes API and related infrastructure. From an application security perspective, the key is to ensure that these changes do not introduce any unintended security vulnerabilities or regressions, and that the Kubernetes platform as a whole remains secure and reliable for the applications running on top of it.

Files Changed:

The following files were changed in this Pull Request:

  1. .vscode/settings.json: This file was updated to disable the automatic configuration of Makefiles when a project is opened in Visual Studio Code.
  2. .gitignore: The demo/ directory was removed from the .gitignore file, which could potentially expose sensitive information or configuration details.
  3. demo/commands.md: This file was updated with information about Genval's container registry authentication, artifact signing, and policy management capabilities.
  4. demo/demo.md: The changes remove a command that was exposing a sensitive OpenAI API key.
  5. templates/defaultpolicies/cue/policy/cue.mod/gen/ (multiple files): These files are auto-generated code for various Kubernetes API resources, including admission control, API discovery, and API resource definitions.

Code Analysis

We ran 9 analyzers against 30 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.
