Comments (2)
Further to this month's meeting, some of the requirements we fleshed out were:
- Desire by users to apply, in GitOps fashion, curated standards like Pod Security Standards. This need entails organization of constituent policies into their own folder structure so Kustomize can process them accordingly.
- Need to ensure consistency and a system for automating unit tests (pass/fail) of each policy that gets created. Could be tested with the Kyverno CLI, for example. A possible implementation mentioned was ensuring test files reflect the name of the policy somehow.
- Acknowledging that users use example policies as teaching aids in order to learn Kyverno. There is desire to find policies of interest on an as-needed basis, which may be to learn the tooling but also to selectively copy and use in their environment.
- Other groupings (aside from the first bullet point) are subjective and arbitrary (i.e., "best practice" isn't necessarily everyone's best practice for everything) and may make it difficult to locate interesting policies.
Would we be receptive to the idea of building policies out as a separate static site with a separate Hugo theme? I think that's going to give us the most freedom in pursuing the best UX with regard to tags and finding files.