Skip to content

Commit 459b449

Browse files
VedRatanVedRatan
committed
chore: chart version bump
Signed-off-by: Ved Ratan <[email protected]>
1 parent f2bcb8b commit 459b449

File tree

3 files changed

+58
-58
lines changed

3 files changed

+58
-58
lines changed

charts/rbac-best-practices/Chart.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ apiVersion: v2
22
name: rbac-best-practice-policies
33
description: Rbac Best Practice policy set
44
type: application
5-
version: 0.2.0
5+
version: 0.2.1
66
appVersion: 0.1.0
77
keywords:
88
- kubernetes

charts/rbac-best-practices/pols/restrict-automount-sa-token.yaml

+56
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,62 @@ spec:
2424
- resources:
2525
kinds:
2626
- Pod
27+
exclude:
28+
any:
29+
- resources:
30+
kinds:
31+
- Pod
32+
selector:
33+
matchLabels:
34+
app: nirmata-kube-controller
35+
- resources:
36+
kinds:
37+
- Pod
38+
selector:
39+
matchLabels:
40+
app: otel-agent
41+
- resources:
42+
kinds:
43+
- Pod
44+
selector:
45+
matchLabels:
46+
app.kubernetes.io/name: nirmata-kyverno-operator
47+
- resources:
48+
kinds:
49+
- Pod
50+
selector:
51+
matchLabels:
52+
app.kubernetes.io/component: admission-controller
53+
- resources:
54+
kinds:
55+
- Pod
56+
selector:
57+
matchLabels:
58+
app.kubernetes.io/component: cleanup-controller
59+
- resources:
60+
kinds:
61+
- Pod
62+
selector:
63+
matchLabels:
64+
app.kubernetes.io/component: background-controller
65+
- resources:
66+
kinds:
67+
- Pod
68+
selector:
69+
matchLabels:
70+
app.kubernetes.io/component: reports-controller
71+
- resources:
72+
kinds:
73+
- Pod
74+
selector:
75+
matchLabels:
76+
batch.kubernetes.io/job-name: "kyverno-cleanup-admission-reports-*"
77+
- resources:
78+
kinds:
79+
- Pod
80+
selector:
81+
matchLabels:
82+
batch.kubernetes.io/job-name=kyverno: "cleanup-cluster-admission-reports-*"
2783
preconditions:
2884
all:
2985
- key: "{{ request.\"object\".metadata.labels.\"app.kubernetes.io/part-of\" || '' }}"

rbac-best-practices/restrict-automount-sa-token/restrict-automount-sa-token.yaml

+1-57
Original file line numberDiff line numberDiff line change
@@ -24,62 +24,6 @@ spec:
2424
- resources:
2525
kinds:
2626
- Pod
27-
exclude:
28-
any:
29-
- resources:
30-
kinds:
31-
- Pod
32-
selector:
33-
matchLabels:
34-
app: nirmata-kube-controller
35-
- resources:
36-
kinds:
37-
- Pod
38-
selector:
39-
matchLabels:
40-
app: otel-agent
41-
- resources:
42-
kinds:
43-
- Pod
44-
selector:
45-
matchLabels:
46-
app.kubernetes.io/name: nirmata-kyverno-operator
47-
- resources:
48-
kinds:
49-
- Pod
50-
selector:
51-
matchLabels:
52-
app.kubernetes.io/component: admission-controller
53-
- resources:
54-
kinds:
55-
- Pod
56-
selector:
57-
matchLabels:
58-
app.kubernetes.io/component: cleanup-controller
59-
- resources:
60-
kinds:
61-
- Pod
62-
selector:
63-
matchLabels:
64-
app.kubernetes.io/component: background-controller
65-
- resources:
66-
kinds:
67-
- Pod
68-
selector:
69-
matchLabels:
70-
app.kubernetes.io/component: reports-controller
71-
- resources:
72-
kinds:
73-
- Pod
74-
selector:
75-
matchLabels:
76-
batch.kubernetes.io/job-name: "kyverno-cleanup-admission-reports-*"
77-
- resources:
78-
kinds:
79-
- Pod
80-
selector:
81-
matchLabels:
82-
batch.kubernetes.io/job-name=kyverno: "cleanup-cluster-admission-reports-*"
8327
preconditions:
8428
all:
8529
- key: "{{ request.\"object\".metadata.labels.\"app.kubernetes.io/part-of\" || '' }}"
@@ -89,4 +33,4 @@ spec:
8933
message: "Auto-mounting of Service Account tokens is not allowed."
9034
pattern:
9135
spec:
92-
automountServiceAccountToken: "false"
36+
automountServiceAccountToken: "false"

0 commit comments

Comments
 (0)