-
Notifications
You must be signed in to change notification settings - Fork 0
/
metadata.yml
39 lines (39 loc) · 1.84 KB
/
metadata.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
rules:
- apiGroups: [ "" ]
apiVersions: [ "v1" ]
resources: [ "pods" ]
operations: [ "CREATE" ]
- apiGroups: [ "apps" ]
apiVersions: [ "v1" ]
resources: [ "deployments", "daemonsets", "statefulsets" ]
operations: [ "CREATE" ]
- apiGroups: [ "batch" ]
apiVersions: [ "v1" ]
resources: [ "jobs" ]
operations: [ "CREATE" ]
mutating: false
contextAwareResources: [ ]
executionMode: kubewarden-wapc
# Consider the policy for the background audit scans. Default is true. Note the
# intrinsic limitations of the background audit feature on docs.kubewarden.io;
# If your policy hits any limitations, set to false for the audit feature to
# skip this policy and not generate false positives.
backgroundAudit: true
annotations:
# artifacthub specific:
io.artifacthub.displayName: Disallow Default Namespace
io.artifacthub.resources: Pod, Job, Deployment, DaemonSet, StatefulSet
io.artifacthub.keywords: pod, job, deployment, daemonset, statefulset, kubewarden
io.kubewarden.policy.ociUrl: ghcr.io/atanasdinov/policies/disallow-default-namespace
# kubewarden specific:
io.kubewarden.policy.title: disallow-default-namespace
io.kubewarden.policy.description: Prevents workload resources from being deployed to the default namespace
io.kubewarden.policy.author: Atanas Dinov <[email protected]>
io.kubewarden.policy.url: https://github.com/atanasdinov/disallow-default-namespace
io.kubewarden.policy.source: https://github.com/atanasdinov/disallow-default-namespace
io.kubewarden.policy.license: Apache-2.0
# The next two annotations are used in the policy report generated by the
# Audit scanner. Severity indicates policy check result criticality and
# Category indicates policy category. See more here at docs.kubewarden.io
io.kubewarden.policy.severity: medium
io.kubewarden.policy.category: Resource validation