-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathartifacthub-pkg.yml
87 lines (87 loc) · 2.74 KB
/
artifacthub-pkg.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# Kubewarden Artifacthub Package config
#
# Use this config to submit the policy to https://artifacthub.io.
#
# This config can be saved to its default location with:
# kwctl scaffold artifacthub > artifacthub-pkg.yml
version: 0.2.10
name: safe-annotations
displayName: Safe Annotations
createdAt: 2024-09-19T16:49:40.083368415Z
description: A policy that validates Kubernetes' resource annotations
license: Apache-2.0
homeURL: https://github.com/kubewarden/safe-annotations-policy
containersImages:
- name: policy
image: ghcr.io/kubewarden/policies/safe-annotations:v0.2.10
keywords:
- annotations
links:
- name: policy
url: https://github.com/kubewarden/safe-annotations-policy/releases/download/v0.2.10/policy.wasm
- name: source
url: https://github.com/kubewarden/safe-annotations-policy
install: |
The policy can be obtained using [`kwctl`](https://github.com/kubewarden/kwctl):
```console
kwctl pull ghcr.io/kubewarden/policies/safe-annotations:v0.2.10
```
Then, generate the policy manifest and tune it to your liking. For example:
```console
kwctl scaffold manifest -t ClusterAdmissionPolicy registry://ghcr.io/kubewarden/policies/safe-annotations:v0.2.10
```
maintainers:
- name: Kubewarden developers
email: [email protected]
provider:
name: kubewarden
recommendations:
- url: https://artifacthub.io/packages/helm/kubewarden/kubewarden-controller
annotations:
kubewarden/mutation: 'false'
kubewarden/questions-ui: |
questions:
- default: null
description: >-
This policy validates the annotations of generic Kubernetes objects. It
rejects all the resources that use one or more annotations on the deny list.
It also allows you to put constraints on specific annotations. The
constraints are expressed as regular expression.
group: Settings
label: Description
required: false
hide_input: true
type: string
variable: description
- default: []
tooltip: A list of annotations that cannot be used
group: Settings
label: Denied annotations
required: false
type: array[
variable: denied_annotations
- default: []
tooltip: A list of annotations that must be defined
group: Settings
label: Mandatory annotations
target: true
type: array[
variable: mandatory_annotations
- default: {}
tooltip: Annotations that are validated with user-defined RegExp
group: Settings
label: Constrained annotations
target: true
type: map[
variable: constrained_annotations
kubewarden/resources: '*'
kubewarden/rules: |
- apiGroups:
- '*'
apiVersions:
- '*'
resources:
- '*'
operations:
- CREATE
- UPDATE