From e02ce2f74e9548e8ff4fcafea6814abb387535ab Mon Sep 17 00:00:00 2001 From: peefy Date: Sun, 12 Nov 2023 12:56:13 +0800 Subject: [PATCH 1/5] feat: add more container validation modules 
Signed-off-by: peefy --- k8s_manifests_containers/kcl.mod | 2 +- k8s_manifests_containers/main.k | 2 +- required-drop-all/README.md | 7 ++++ required-drop-all/kcl.mod | 5 +++ required-drop-all/kcl.mod.lock | 0 required-drop-all/main.k | 38 ++++++++++++++++++++ required-drop-cap-net-all/README.md | 7 ++++ required-drop-cap-net-all/kcl.mod | 5 +++ required-drop-cap-net-all/kcl.mod.lock | 0 required-drop-cap-net-all/main.k | 38 ++++++++++++++++++++ required-pod-requests-limits/README.md | 7 ++++ required-pod-requests-limits/kcl.mod | 5 +++ required-pod-requests-limits/kcl.mod.lock | 0 required-pod-requests-limits/main.k | 34 ++++++++++++++++++ required-root-fs/README.md | 7 ++++ required-root-fs/kcl.mod | 5 +++ required-root-fs/kcl.mod.lock | 0 required-root-fs/main.k | 18 ++++++++++ restrict-image-registries/README.md | 7 ++++ restrict-image-registries/kcl.mod | 5 +++ restrict-image-registries/kcl.mod.lock | 0 restrict-image-registries/main.k | 44 +++++++++++++++++++++++ restrict-service-external-ips/README.md | 7 ++++ restrict-service-external-ips/kcl.mod | 5 +++ restrict-service-external-ips/main.k | 37 +++++++++++++++++++ 25 files changed, 283 insertions(+), 2 deletions(-) create mode 100644 required-drop-all/README.md create mode 100644 required-drop-all/kcl.mod create mode 100644 required-drop-all/kcl.mod.lock create mode 100644 required-drop-all/main.k create mode 100644 required-drop-cap-net-all/README.md create mode 100644 required-drop-cap-net-all/kcl.mod create mode 100644 required-drop-cap-net-all/kcl.mod.lock create mode 100644 required-drop-cap-net-all/main.k create mode 100644 required-pod-requests-limits/README.md create mode 100644 required-pod-requests-limits/kcl.mod create mode 100644 required-pod-requests-limits/kcl.mod.lock create mode 100644 required-pod-requests-limits/main.k create mode 100644 required-root-fs/README.md create mode 100644 required-root-fs/kcl.mod create mode 100644 required-root-fs/kcl.mod.lock create mode 100644 
required-root-fs/main.k create mode 100644 restrict-image-registries/README.md create mode 100644 restrict-image-registries/kcl.mod create mode 100644 restrict-image-registries/kcl.mod.lock create mode 100644 restrict-image-registries/main.k create mode 100644 restrict-service-external-ips/README.md create mode 100644 restrict-service-external-ips/kcl.mod create mode 100644 restrict-service-external-ips/main.k diff --git a/k8s_manifests_containers/kcl.mod b/k8s_manifests_containers/kcl.mod index 2d82dc75..02389ee6 100644 --- a/k8s_manifests_containers/kcl.mod +++ b/k8s_manifests_containers/kcl.mod @@ -1,4 +1,4 @@ [package] name = "k8s_manifests_containers" -version = "0.1.0" +version = "0.1.2" description = "`k8s_manifests_containers` can be used to get all containers resources in a Pod resource." diff --git a/k8s_manifests_containers/main.k b/k8s_manifests_containers/main.k index 9b8ee25e..7aded69c 100644 --- a/k8s_manifests_containers/main.k +++ b/k8s_manifests_containers/main.k @@ -9,7 +9,7 @@ is_exempt = lambda image: str, exemptImages: [str] = [] -> bool { } # Get Containers from the input resource item. -get_containers = lambda item, exemptImages = [] -> [] { +get_containers = lambda item: {str:}, exemptImages: [str] = [] -> [] { containers = [] if item.kind == "Pod": containers = (item.spec.containers or []) + (item.spec.initContainers or []) + (item.spec.ephemeralContainers or []) diff --git a/required-drop-all/README.md b/required-drop-all/README.md new file mode 100644 index 00000000..d67df755 --- /dev/null +++ b/required-drop-all/README.md @@ -0,0 +1,7 @@ +## Introduction + +`require-pod-requests-limits` is a KCL validation module + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/require-pod-requests-limits) diff --git a/required-drop-all/kcl.mod b/required-drop-all/kcl.mod new file mode 100644 index 00000000..b902445d --- /dev/null +++ b/required-drop-all/kcl.mod 
@@ -0,0 +1,5 @@
+[package]
+name = "required-drop-all"
+version = "0.1.1"
+description = "`required-drop-all` is a KCL validation module"
+
diff --git a/required-drop-all/kcl.mod.lock b/required-drop-all/kcl.mod.lock
new file mode 100644
index 00000000..e69de29b
diff --git a/required-drop-all/main.k b/required-drop-all/main.k
new file mode 100644
index 00000000..853b08e7
--- /dev/null
+++ b/required-drop-all/main.k
@@ -0,0 +1,38 @@
+"""Containers must drop `ALL` capabilities."""
+# Judge a image in a container config is exempt
+is_exempt = lambda image: str, exemptImages: [str] = [] -> bool {
+ result = False
+ if exemptImages:
+ result = any exempt_image in exemptImages {
+ (image.startswith(exempt_image.removesuffix("*")) if exempt_image.endswith("*") else exempt_image == image)
+ }
+ result
+}
+
+# Get Containers from the input resource item.
+get_containers = lambda item: {str:}, exemptImages: [str] = [] -> [{str:}] {
+ containers = []
+ if item.kind == "Pod":
+ containers = (item.spec.containers or []) + (item.spec.initContainers or []) + (item.spec.ephemeralContainers or [])
+ elif item.kind == "Deployment":
+ containers = (item.spec.template.spec.containers or []) + (item.spec.template.spec.initContainers or []) + (item.spec.template.spec.ephemeralContainers or [])
+ containers = [c for c in containers if not is_exempt(c.image, exemptImages)]
+}
+
+validate_container = lambda container: {str:} -> bool {
+ drop: [str] = container?.securityContext?.capabilities?.drop or []
+ any d in drop {
+ d.upper() == "ALL"
+ }
+}
+
+# Define the validation function
+validate = lambda item: {str:} {
+ containers = get_containers(item)
+ if containers:
+ container_list_disallow = [c.name for c in containers if not validate_container(c)]
+ assert len(container_list_disallow) == 0, "CPU and memory resource requests and limits are required. for containers {}".format(container_list_disallow)
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/required-drop-cap-net-all/README.md b/required-drop-cap-net-all/README.md
new file mode 100644
index 00000000..76b6d5dd
--- /dev/null
+++ b/required-drop-cap-net-all/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`required-drop-cap-net-all` is a KCL validation module
+
+## Resource
+
+The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/required-drop-cap-net-all)
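Review bot: In required-drop-all/main.k, `get_containers` only collects containers for `Pod` and `Deployment`, so a StatefulSet, DaemonSet, Job or CronJob item yields an empty list and `validate` returns it without running any check; the same two-branch extraction is repeated in required-drop-cap-net-all, required-pod-requests-limits, required-root-fs and restrict-image-registries. If these modules are meant to gate every workload, add branches for the other pod-template kinds, or at least state the limit above `get_containers`, e.g. `# Only Pod and Deployment are inspected; other kinds pass through unvalidated.` Separately, the assert message here is copied from the requests/limits module and should describe this policy, e.g. `"Containers must drop ALL capabilities: {}".format(container_list_disallow)`; the copy in required-drop-cap-net-all/main.k needs the same correction.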
diff --git a/required-drop-cap-net-all/kcl.mod b/required-drop-cap-net-all/kcl.mod
new file mode 100644
index 00000000..f8c927bd
--- /dev/null
+++ b/required-drop-cap-net-all/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "required-drop-cap-net-all"
+version = "0.1.1"
+description = "`required-drop-cap-net-all` is a KCL validation module"
+
diff --git a/required-drop-cap-net-all/kcl.mod.lock b/required-drop-cap-net-all/kcl.mod.lock
new file mode 100644
index 00000000..e69de29b
diff --git a/required-drop-cap-net-all/main.k b/required-drop-cap-net-all/main.k
new file mode 100644
index 00000000..98b8fd6e
--- /dev/null
+++ b/required-drop-cap-net-all/main.k
@@ -0,0 +1,38 @@
+"""Containers must drop `ALL` capabilities."""
+# Judge a image in a container config is exempt
+is_exempt = lambda image: str, exemptImages: [str] = [] -> bool {
+ result = False
+ if exemptImages:
+ result = any exempt_image in exemptImages {
+ (image.startswith(exempt_image.removesuffix("*")) if exempt_image.endswith("*") else exempt_image == image)
+ }
+ result
+}
+
+# Get Containers from the input resource item.
+get_containers = lambda item: {str:}, exemptImages: [str] = [] -> [{str:}] {
+ containers = []
+ if item.kind == "Pod":
+ containers = (item.spec.containers or []) + (item.spec.initContainers or []) + (item.spec.ephemeralContainers or [])
+ elif item.kind == "Deployment":
+ containers = (item.spec.template.spec.containers or []) + (item.spec.template.spec.initContainers or []) + (item.spec.template.spec.ephemeralContainers or [])
+ containers = [c for c in containers if not is_exempt(c.image, exemptImages)]
+}
+
+validate_container = lambda container: {str:} -> bool {
+ drop: [str] = container?.securityContext?.capabilities?.drop or []
+ any d in drop {
+ d.upper() == "CAP_NET_RAW"
+ }
+}
+
+# Define the validation function
+validate = lambda item: {str:} {
+ containers = get_containers(item)
+ if containers:
+ container_list_disallow = [c.name for c in containers if not validate_container(c)]
+ assert len(container_list_disallow) == 0, "CPU and memory resource requests and limits are required. for containers {}".format(container_list_disallow)
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/required-pod-requests-limits/README.md b/required-pod-requests-limits/README.md
new file mode 100644
index 00000000..d67df755
--- /dev/null
+++ b/required-pod-requests-limits/README.md
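Review bot: `validate_container` in required-drop-cap-net-all/main.k accepts only the literal `CAP_NET_RAW`, so a container that drops `ALL`, or that uses the prefix-less `NET_RAW` spelling Kubernetes manifests normally use, is reported as non-compliant even though the capability is dropped. Consider matching all three forms with `d.upper() in ["ALL", "NET_RAW", "CAP_NET_RAW"]`. The module docstring on the first line still describes the drop-ALL policy; it should name the NET_RAW requirement instead, for example a one-line docstring saying that containers must drop the NET_RAW capability (or ALL).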
@@ -0,0 +1,7 @@
+## Introduction
+
+`require-pod-requests-limits` is a KCL validation module
+
+## Resource
+
+The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/require-pod-requests-limits)
diff --git a/required-pod-requests-limits/kcl.mod b/required-pod-requests-limits/kcl.mod
new file mode 100644
index 00000000..0ac22fc2
--- /dev/null
+++ b/required-pod-requests-limits/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "require-pod-requests-limits"
+version = "0.1.1"
+description = "`require-pod-requests-limits` is a KCL validation module"
+
diff --git a/required-pod-requests-limits/kcl.mod.lock b/required-pod-requests-limits/kcl.mod.lock
new file mode 100644
index 00000000..e69de29b
diff --git a/required-pod-requests-limits/main.k b/required-pod-requests-limits/main.k
new file mode 100644
index 00000000..b09ac34e
--- /dev/null
+++ b/required-pod-requests-limits/main.k
@@ -0,0 +1,34 @@
+# Judge a image in a container config is exempt
+is_exempt = lambda image: str, exemptImages: [str] = [] -> bool {
+ result = False
+ if exemptImages:
+ result = any exempt_image in exemptImages {
+ (image.startswith(exempt_image.removesuffix("*")) if exempt_image.endswith("*") else exempt_image == image)
+ }
+ result
+}
+
+# Get Containers from the input resource item.
+get_containers = lambda item: {str:}, exemptImages: [str] = [] -> [{str:}] {
+ containers = []
+ if item.kind == "Pod":
+ containers = (item.spec.containers or []) + (item.spec.initContainers or []) + (item.spec.ephemeralContainers or [])
+ elif item.kind == "Deployment":
+ containers = (item.spec.template.spec.containers or []) + (item.spec.template.spec.initContainers or []) + (item.spec.template.spec.ephemeralContainers or [])
+ containers = [c for c in containers if not is_exempt(c.image, exemptImages)]
+}
+
+validate_pod_resources = lambda container: {str:} -> bool {
+ container?.requests?.memory and container?.requests?.cpu and container?.limits?.memory
+}
+
+# Define the validation function
+validate = lambda item: {str:} {
+ containers = get_containers(item)
+ if containers:
+ container_list_disallow = [c.name for c in containers if not validate_pod_resources(c)]
+ assert len(container_list_disallow) == 0, "CPU and memory resource requests and limits are required. for containers {}".format(container_list_disallow)
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
\ No newline at end of file
diff --git a/required-root-fs/README.md b/required-root-fs/README.md
new file mode 100644
index 00000000..2e2375c5
--- /dev/null
+++ b/required-root-fs/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`required-root-fs` is a KCL validation module
+
+## Resource
+
+The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/required-root-fs)
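Review bot: `validate_pod_resources` in required-pod-requests-limits/main.k reads `container?.requests` and `container?.limits` directly, but in a Kubernetes container spec those maps sit under `resources`, so for a standard manifest the expression is empty and every container ends up in `container_list_disallow`. The lookups should go through `resources`: `container?.resources?.requests?.memory and container?.resources?.requests?.cpu and container?.resources?.limits?.memory`. The assert message also promises CPU limits, which the expression never checks; either add `container?.resources?.limits?.cpu` or reword the message. The lambda is annotated `-> bool` but returns the last operand of the `and` chain, so wrapping the result in `bool(...)` may be needed; I have not confirmed how KCL treats this.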
diff --git a/required-root-fs/kcl.mod b/required-root-fs/kcl.mod
new file mode 100644
index 00000000..dda164aa
--- /dev/null
+++ b/required-root-fs/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "required-root-fs"
+version = "0.1.1"
+description = "`required-root-fs` is a KCL validation module"
+
diff --git a/required-root-fs/kcl.mod.lock b/required-root-fs/kcl.mod.lock
new file mode 100644
index 00000000..e69de29b
diff --git a/required-root-fs/main.k b/required-root-fs/main.k
new file mode 100644
index 00000000..fed7674f
--- /dev/null
+++ b/required-root-fs/main.k
@@ -0,0 +1,18 @@
+validate_root_fs = lambda container: {str:} -> bool {
+ container?.securityContext?.readOnlyRootFilesystem is True
+}
+
+# Define the validation function
+validate = lambda item {
+ containers: [{str:}] = []
+ if item.kind == "Pod":
+ containers = (item.spec.containers or []) + (item.spec.initContainers or []) + (item.spec.ephemeralContainers or [])
+ elif item.kind == "Deployment":
+ containers = (item.spec.template.spec.containers or []) + (item.spec.template.spec.initContainers or []) + (item.spec.template.spec.ephemeralContainers or [])
+ if containers:
+ container_list_disallow = [c.name for c in containers if not validate_root_fs(c)]
+ assert len(container_list_disallow) == 0, "Root filesystem must be read-only for containers {}".format(container_list_disallow)
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/restrict-image-registries/README.md b/restrict-image-registries/README.md
new file mode 100644
index 00000000..9d877f15
--- /dev/null
+++ b/restrict-image-registries/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`restrict-image-registries` is a KCL validation module
+
+## Resource
+
+The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/restrict-image-registries)
diff --git a/restrict-image-registries/kcl.mod b/restrict-image-registries/kcl.mod
new file mode 100644
index 00000000..2887a7b7
--- /dev/null
+++ b/restrict-image-registries/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "restrict-image-registries"
+version = "0.1.1"
+description = "`restrict-image-registries` is a KCL validation module"
+
diff --git a/restrict-image-registries/kcl.mod.lock b/restrict-image-registries/kcl.mod.lock
new file mode 100644
index 00000000..e69de29b
diff --git a/restrict-image-registries/main.k b/restrict-image-registries/main.k
new file mode 100644
index 00000000..b8c68f67
--- /dev/null
+++ b/restrict-image-registries/main.k
@@ -0,0 +1,44 @@
+import yaml
+
+registries: [str] = option("params")?.registries or []
+
+validate_image_registry = lambda image: str, registries: [str] -> bool {
+ any registry in registries {
+ image.startswith(registry)
+ }
+}
+
+# Define the validation function
+validate = lambda item, registries: [str] {
+ containers: [{str:}] = []
+ if item.kind == "Pod":
+ containers = (item.spec.containers or []) + (item.spec.initContainers or []) + (item.spec.ephemeralContainers or [])
+ elif item.kind == "Deployment":
+ containers = (item.spec.template.spec.containers or []) + (item.spec.template.spec.initContainers or []) + (item.spec.template.spec.ephemeralContainers or [])
+ if containers:
+ image_list_disallow = [c.image for c in containers if not validate_image_registry(c.image, registries)]
+ assert len(image_list_disallow) == 0, "container images {} is not allowed, expected {}".format(image_list_disallow, registries)
+ item
+}
+# Validate All resource
+items = [validate(i, registries) for i in option("items") or []]
+
+if option("__test__"):
+ validate(yaml.decode("""\
+apiVersion: v1
+kind: Pod
+metadata:
+ name: goodpod02-registry
+ namespace: ir-pods-namespace
+spec:
+ initContainers:
+ - name: nginx-init
+ image: bar.io/nginx
+ - name: busybox-init
+ image: eu.foo.io/busybox
+ containers:
+ - name: k8s-nginx
+ image: bar.io/nginx
+ - name: busybox
+ image: eu.foo.io1/busybox
+ """), ["bar.io/", "eu.foo.io/"])
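Review bot: `validate_image_registry` in restrict-image-registries/main.k is a bare `image.startswith(registry)`, so the allow-list is only as tight as each entry's trailing `/`: an entry written as `bar.io` would also admit any image reference whose host merely begins with that string. The bundled test passes `"bar.io/"`, but nothing enforces that form on the value read from `option("params")?.registries`. Normalise the entry before comparing, e.g. `image.startswith(registry if registry.endswith("/") else registry + "/")`, or state the trailing-slash requirement in a comment above the lambda. The `__test__` fixture also contains `eu.foo.io1/busybox`, which looks like it is meant to trip the assert; a comment marking it as the expected failure would make that clear.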
diff --git a/restrict-service-external-ips/README.md b/restrict-service-external-ips/README.md
new file mode 100644
index 00000000..f11688b3
--- /dev/null
+++ b/restrict-service-external-ips/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`restrict-service-external-ips` is a KCL validation module
+
+## Resource
+
+The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/restrict-service-external-ips)
diff --git a/restrict-service-external-ips/kcl.mod b/restrict-service-external-ips/kcl.mod
new file mode 100644
index 00000000..95f57050
--- /dev/null
+++ b/restrict-service-external-ips/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "restrict-service-external-ips"
+version = "0.1.1"
+description = "`restrict-service-external-ips` is a KCL validation module"
+
diff --git a/restrict-service-external-ips/main.k b/restrict-service-external-ips/main.k
new file mode 100644
index 00000000..a4ee212b
--- /dev/null
+++ b/restrict-service-external-ips/main.k
@@ -0,0 +1,37 @@
+"""Service externalIPs can be used for a MITM attack (CVE-2020-8554).
+Restrict externalIPs or limit to a known set of addresses.
+See: https://github.com/kyverno/kyverno/issues/1367. This policy validates
+that the `externalIPs` field is not set on a Service.
+"""
+import yaml
+
+externalIPs: [str] = option("params")?.externalIPs or []
+
+# Define the validation function
+validate = lambda item, externalIPs: [str] {
+ if item.kind == "Service" and externalIPs:
+ input = item?.spec?.externalIPs or []
+ assert all ip in input {
+ ip in externalIPs
+ } if input, "externalIPs ${item?.spec?.externalIPs} are not allowed, expected ${externalIPs}"
+ item
+}
+# Validate All resource
+items = [validate(i, externalIPs) for i in option("items") or []]
+
+if option("__test__"):
+ validate(yaml.decode("""\
+apiVersion: v1
+kind: Service
+metadata:
+ name: badservice01-eip
+spec:
+ selector:
+ app: MyApp
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 9376
+ externalIPs:
+ - 127.0.0.1 # Error suite: 127.0.0.2
+ """), ["127.0.0.1"])
From f47e8646a5d08a4ad4e6d6b6a13945f9c50cf836 Mon Sep 17 00:00:00 2001
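Review bot: The guard `if item.kind == "Service" and externalIPs:` in restrict-service-external-ips/main.k skips validation entirely when no allow-list is supplied, and `externalIPs` defaults to `[]`, so with default parameters a Service carrying any `externalIPs` passes. That contradicts the docstring, which says the policy validates that the field is not set, and it leaves the CVE-2020-8554 case the module cites unchecked. Dropping the second operand, `if item.kind == "Service":`, makes an empty allow-list reject every external IP, because the `all ip in input { ip in externalIPs }` check then fails for any non-empty input.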
From: GitHub Action Date: Sun, 12 Nov 2023 04:58:02 +0000 Subject: [PATCH 2/5] Updata artifacthub-pkg.yaml --- .../k8s_manifests_containers/0.1.2/README.md | 5 ++++ .../0.1.2/artifacthub-pkg.yaml | 26 +++++++++++++++++++ .../0.1.1/README.md | 7 +++++ .../0.1.1/artifacthub-pkg.yaml | 25 ++++++++++++++++++ .../required-drop-all/0.1.1/README.md | 7 +++++ .../0.1.1/artifacthub-pkg.yaml | 25 ++++++++++++++++++ .../required-drop-cap-net-all/0.1.1/README.md | 7 +++++ .../0.1.1/artifacthub-pkg.yaml | 25 ++++++++++++++++++ .../required-root-fs/0.1.1/README.md | 7 +++++ .../0.1.1/artifacthub-pkg.yaml | 25 ++++++++++++++++++ .../restrict-image-registries/0.1.1/README.md | 7 +++++ .../0.1.1/artifacthub-pkg.yaml | 25 ++++++++++++++++++ .../0.1.1/README.md | 7 +++++ .../0.1.1/artifacthub-pkg.yaml | 25 ++++++++++++++++++ 14 files changed, 223 insertions(+) create mode 100644 .integration/artifacthub/k8s_manifests_containers/0.1.2/README.md create mode 100644 .integration/artifacthub/k8s_manifests_containers/0.1.2/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/require-pod-requests-limits/0.1.1/README.md create mode 100644 .integration/artifacthub/require-pod-requests-limits/0.1.1/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/required-drop-all/0.1.1/README.md create mode 100644 .integration/artifacthub/required-drop-all/0.1.1/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/required-drop-cap-net-all/0.1.1/README.md create mode 100644 .integration/artifacthub/required-drop-cap-net-all/0.1.1/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/required-root-fs/0.1.1/README.md create mode 100644 .integration/artifacthub/required-root-fs/0.1.1/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/restrict-image-registries/0.1.1/README.md create mode 100644 .integration/artifacthub/restrict-image-registries/0.1.1/artifacthub-pkg.yaml create mode 100644 
.integration/artifacthub/restrict-service-external-ips/0.1.1/README.md create mode 100644 .integration/artifacthub/restrict-service-external-ips/0.1.1/artifacthub-pkg.yaml diff --git a/.integration/artifacthub/k8s_manifests_containers/0.1.2/README.md b/.integration/artifacthub/k8s_manifests_containers/0.1.2/README.md new file mode 100644 index 00000000..7c561101 --- /dev/null +++ b/.integration/artifacthub/k8s_manifests_containers/0.1.2/README.md @@ -0,0 +1,5 @@ +## Introduction + +## Resource + +Code source and document is [here](https://github.com/kcl-lang/artifacthub/tree/main/k8s_manifests_containers) diff --git a/.integration/artifacthub/k8s_manifests_containers/0.1.2/artifacthub-pkg.yaml b/.integration/artifacthub/k8s_manifests_containers/0.1.2/artifacthub-pkg.yaml new file mode 100644 index 00000000..c5889f05 --- /dev/null +++ b/.integration/artifacthub/k8s_manifests_containers/0.1.2/artifacthub-pkg.yaml @@ -0,0 +1,26 @@ +version: 0.1.2 +name: k8s_manifests_containers +displayName: k8s_manifests_containers +createdAt: "2023-11-12T04:57:25Z" +description: '`k8s_manifests_containers` can be used to get all containers resources + in a Pod resource.' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `k8s_manifests_containers` with tag `0.1.2` as dependency + ``` + kpm add k8s_manifests_containers:0.1.2 + ``` + + #### Pull `k8s_manifests_containers` with tag `0.1.2` to local + ``` + kpm pull k8s_manifests_containers:0.1.2 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/require-pod-requests-limits/0.1.1/README.md b/.integration/artifacthub/require-pod-requests-limits/0.1.1/README.md new file mode 100644 index 00000000..d67df755 --- /dev/null +++ b/.integration/artifacthub/require-pod-requests-limits/0.1.1/README.md 
@@ -0,0 +1,7 @@ +## Introduction + +`require-pod-requests-limits` is a KCL validation module + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/require-pod-requests-limits) diff --git a/.integration/artifacthub/require-pod-requests-limits/0.1.1/artifacthub-pkg.yaml b/.integration/artifacthub/require-pod-requests-limits/0.1.1/artifacthub-pkg.yaml new file mode 100644 index 00000000..a07007d3 --- /dev/null +++ b/.integration/artifacthub/require-pod-requests-limits/0.1.1/artifacthub-pkg.yaml @@ -0,0 +1,25 @@ +version: 0.1.1 +name: require-pod-requests-limits +displayName: require-pod-requests-limits +createdAt: "2023-11-12T04:57:20Z" +description: '`require-pod-requests-limits` is a KCL validation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `require-pod-requests-limits` with tag `0.1.1` as dependency + ``` + kpm add require-pod-requests-limits:0.1.1 + ``` + + #### Pull `require-pod-requests-limits` with tag `0.1.1` to local + ``` + kpm pull require-pod-requests-limits:0.1.1 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/required-drop-all/0.1.1/README.md b/.integration/artifacthub/required-drop-all/0.1.1/README.md new file mode 100644 index 00000000..d67df755 --- /dev/null +++ b/.integration/artifacthub/required-drop-all/0.1.1/README.md @@ -0,0 +1,7 @@ +## Introduction + +`require-pod-requests-limits` is a KCL validation module + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/require-pod-requests-limits) diff --git a/.integration/artifacthub/required-drop-all/0.1.1/artifacthub-pkg.yaml b/.integration/artifacthub/required-drop-all/0.1.1/artifacthub-pkg.yaml new file mode 100644 index 00000000..8b4dc417 --- /dev/null 
+++ b/.integration/artifacthub/required-drop-all/0.1.1/artifacthub-pkg.yaml @@ -0,0 +1,25 @@ +version: 0.1.1 +name: required-drop-all +displayName: required-drop-all +createdAt: "2023-11-12T04:57:18Z" +description: '`required-drop-all` is a KCL validation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `required-drop-all` with tag `0.1.1` as dependency + ``` + kpm add required-drop-all:0.1.1 + ``` + + #### Pull `required-drop-all` with tag `0.1.1` to local + ``` + kpm pull required-drop-all:0.1.1 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/required-drop-cap-net-all/0.1.1/README.md b/.integration/artifacthub/required-drop-cap-net-all/0.1.1/README.md new file mode 100644 index 00000000..76b6d5dd --- /dev/null +++ b/.integration/artifacthub/required-drop-cap-net-all/0.1.1/README.md @@ -0,0 +1,7 @@ +## Introduction + +`required-drop-cap-net-all` is a KCL validation module + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/required-drop-cap-net-all) diff --git a/.integration/artifacthub/required-drop-cap-net-all/0.1.1/artifacthub-pkg.yaml b/.integration/artifacthub/required-drop-cap-net-all/0.1.1/artifacthub-pkg.yaml new file mode 100644 index 00000000..33d7489b --- /dev/null +++ b/.integration/artifacthub/required-drop-cap-net-all/0.1.1/artifacthub-pkg.yaml 
@@ -0,0 +1,25 @@ +version: 0.1.1 +name: required-drop-cap-net-all +displayName: required-drop-cap-net-all +createdAt: "2023-11-12T04:57:19Z" +description: '`required-drop-cap-net-all` is a KCL validation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `required-drop-cap-net-all` with tag `0.1.1` as dependency + ``` + kpm add required-drop-cap-net-all:0.1.1 + ``` + + #### Pull `required-drop-cap-net-all` with tag `0.1.1` to local + ``` + kpm pull required-drop-cap-net-all:0.1.1 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/required-root-fs/0.1.1/README.md b/.integration/artifacthub/required-root-fs/0.1.1/README.md new file mode 100644 index 00000000..2e2375c5 --- /dev/null +++ b/.integration/artifacthub/required-root-fs/0.1.1/README.md @@ -0,0 +1,7 @@ +## Introduction + +`required-root-fs` is a KCL validation module + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/required-root-fs) diff --git a/.integration/artifacthub/required-root-fs/0.1.1/artifacthub-pkg.yaml b/.integration/artifacthub/required-root-fs/0.1.1/artifacthub-pkg.yaml new file mode 100644 index 00000000..260b0c0a --- /dev/null +++ b/.integration/artifacthub/required-root-fs/0.1.1/artifacthub-pkg.yaml 
@@ -0,0 +1,25 @@ +version: 0.1.1 +name: required-root-fs +displayName: required-root-fs +createdAt: "2023-11-12T04:57:21Z" +description: '`required-root-fs` is a KCL validation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `required-root-fs` with tag `0.1.1` as dependency + ``` + kpm add required-root-fs:0.1.1 + ``` + + #### Pull `required-root-fs` with tag `0.1.1` to local + ``` + kpm pull required-root-fs:0.1.1 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/restrict-image-registries/0.1.1/README.md b/.integration/artifacthub/restrict-image-registries/0.1.1/README.md new file mode 100644 index 00000000..9d877f15 --- /dev/null +++ b/.integration/artifacthub/restrict-image-registries/0.1.1/README.md @@ -0,0 +1,7 @@ +## Introduction + +`restrict-image-registries` is a KCL validation module + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/restrict-image-registries) diff --git a/.integration/artifacthub/restrict-image-registries/0.1.1/artifacthub-pkg.yaml b/.integration/artifacthub/restrict-image-registries/0.1.1/artifacthub-pkg.yaml new file mode 100644 index 00000000..828f9df0 --- /dev/null +++ b/.integration/artifacthub/restrict-image-registries/0.1.1/artifacthub-pkg.yaml 
@@ -0,0 +1,25 @@ +version: 0.1.1 +name: restrict-image-registries +displayName: restrict-image-registries +createdAt: "2023-11-12T04:57:23Z" +description: '`restrict-image-registries` is a KCL validation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `restrict-image-registries` with tag `0.1.1` as dependency + ``` + kpm add restrict-image-registries:0.1.1 + ``` + + #### Pull `restrict-image-registries` with tag `0.1.1` to local + ``` + kpm pull restrict-image-registries:0.1.1 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/restrict-service-external-ips/0.1.1/README.md b/.integration/artifacthub/restrict-service-external-ips/0.1.1/README.md new file mode 100644 index 00000000..f11688b3 --- /dev/null +++ b/.integration/artifacthub/restrict-service-external-ips/0.1.1/README.md @@ -0,0 +1,7 @@ +## Introduction + +`restrict-service-external-ips` is a KCL validation module + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/restrict-service-external-ips) diff --git a/.integration/artifacthub/restrict-service-external-ips/0.1.1/artifacthub-pkg.yaml b/.integration/artifacthub/restrict-service-external-ips/0.1.1/artifacthub-pkg.yaml new file mode 100644 index 00000000..c75c6915 --- /dev/null +++ b/.integration/artifacthub/restrict-service-external-ips/0.1.1/artifacthub-pkg.yaml 
@@ -0,0 +1,25 @@ +version: 0.1.1 +name: restrict-service-external-ips +displayName: restrict-service-external-ips +createdAt: "2023-11-12T04:57:24Z" +description: '`restrict-service-external-ips` is a KCL validation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `restrict-service-external-ips` with tag `0.1.1` as dependency + ``` + kpm add restrict-service-external-ips:0.1.1 + ``` + + #### Pull `restrict-service-external-ips` with tag `0.1.1` to local + ``` + kpm pull restrict-service-external-ips:0.1.1 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io From 0f38211e250372e1b114c89859d85a73f4ee97ab Mon Sep 17 00:00:00 2001 From: peefy Date: Sun, 12 Nov 2023 13:22:43 +0800 Subject: [PATCH 3/5] chore: bump package to module concept Signed-off-by: peefy --- README-zh.md | 30 +++++++++++----------- README.md | 72 ++++++++++++++++++++++++++-------------------------- 2 files changed, 51 insertions(+), 51 deletions(-) diff --git a/README-zh.md b/README-zh.md index a5bc345e..61ec2c5f 100644 --- a/README-zh.md +++ b/README-zh.md @@ -1,9 +1,9 @@ -

KCL 集成 ArtifactHub

+

KCL Modules

English | 简体中文 -这个仓库负责保存已经发布的 KCL package,并且您可以在 [artifacthub.io (AH)](https://artifacthub.io/) 上找到这些包。 +这个仓库负责保存已经发布的 KCL 模块,并且您可以在 [artifacthub.io (AH)](https://artifacthub.io/) 上找到这些包。 ## 快速开始 @@ -13,20 +13,20 @@ - 安装 [kpm](https://kcl-lang.io/zh-CN/docs/user_docs/guides/package-management/installation/) - 安装 [git](https://git-scm.com/book/zh/v2/%E8%B5%B7%E6%AD%A5-%E5%AE%89%E8%A3%85-Git) -- [注册一个 Github 账户(可选,您需要有一个github的账户)](https://docs.github.com/zh/get-started/signing-up-for-github/signing-up-for-a-new-github-account) +- [注册一个 Github 账户(可选)](https://docs.github.com/zh/get-started/signing-up-for-github/signing-up-for-a-new-github-account) ### 代码仓库 -注意:如果您希望将您的 KCL 包发布到 kcl-lang 官方的 Registry 中,那么您的 KCL 包的源代码将以开源的形式保存在当前仓库中,您需要将您的包的源代码通过 PR 提交到这个仓库中。 +注意:如果您希望将您的 KCL 包发布到 `kcl-lang` 官方的 Registry 中,那么您的 KCL 包的源代码将以开源的形式保存在当前仓库中,您需要将您的包的源代码通过 PR 提交到这个仓库中。 ### 准备您的 KCL 包 -通过 `kpm init ` 命令, 您可以创建一个合法的 KCL 程序包。 +通过 `kpm init ` 命令, 您可以创建一个合法的 KCL 程序模块。 目前,仓库能够识别的合法的程序的目录结构如下: ``` - + |- kcl.mod (必选的) |- kcl.mod.lock (可选的) |- artifacthub-pkg.yaml (可选的) @@ -52,7 +52,7 @@ git clone https://github.com/kcl-lang/artifacthub --depth=1 #### 2. 为您的包创建一个分支 -我们推荐您的分支名为:publish-pkg-, 为您包的名称。 +我们推荐您的分支名为:publish-pkg-, 为您包的名称。 以包 helloworld 为例 @@ -76,7 +76,7 @@ kpm init helloworld 您可以为 helloworld 包增加一个 README.md 文件保存在包的根目录下,用来展示在 AH 的首页中。 ``` echo "## Introduction" >> helloworld/README.md -echo "This is a kcl package named helloworld." >> helloworld/README.md +echo "This is a kcl module named helloworld." >> helloworld/README.md ``` #### 4. 提交您的包 
@@ -89,32 +89,32 @@ echo "This is a kcl package named helloworld." >> helloworld/README.md git add . ``` -使用 `git commit -s` 命令提交您的包, 我们推荐您的 commit message 遵循 “publish package ” 的格式。 +使用 `git commit -s` 命令提交您的包, 我们推荐您的 commit message 遵循 “publish module ” 的格式。 ``` -git commit -m"publish package helloworld" -s +git commit -m "publish module helloworld" -s ``` -使用 `git push` 命令将您的包提交到您的分支 publish-pkg- 中 +使用 `git push` 命令将您的包提交到您的分支 publish-pkg- 中 ``` git push ``` #### 5. 提交 PR -将您的分支 publish-pkg- 向仓库的 main 分支提交 PR。 +将您的分支 publish-pkg- 向仓库的 main 分支提交 PR。 - [如何创建 PR](https://docs.github.com/zh/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) ### 通过 PR 升级您的包 完成包的内容上传后,您可以通过 PR 升级您的包。 -注意:**我们没有提供任何改变包的内容但是不改变版本号的升级策略。** 如果您想要升级您的包,并希望您升级后的包被展示在 AH 上,您需要修改您的包的版本号。即在 kcl.mod 文件的 package 章节中的 version 字段。 +注意:**我们没有提供任何改变包的内容但是不改变版本号的升级策略。** 如果您想要升级您的包,并希望您升级后的包被展示在 AH 上,您需要修改您的包的版本号。即在 kcl.mod 文件的 module 章节中的 version 字段。 ``` [package] -name = "my_package" +name = "my_module" edition = "*" version = "0.1.0" # 改变这个字段来升级您的包 -description = "This is my package." +description = "This is my module." ``` 同样,**您无法多次上传同一个版本号的 KCL 包**,一旦您的包的版本号已经被使用,您将无法再次使用这个版本号,再次上传这个包的方式就只有升级版本号。 diff --git a/README.md b/README.md index b5c211a7..ef1a7706 100644 --- a/README.md +++ b/README.md @@ -1,32 +1,32 @@ -

KCL Integrations ArtifactHub

+

KCL Modules

English | 简体中文 -This repository is responsible for saving the published KCL packages, and you can find these packages on [artifacthub.io (AH)](https://artifacthub.io/). +This repository is responsible for saving the published KCL modules, and you can find these modules on [artifacthub.io (AH)](https://artifacthub.io/). ## Quick Start -In the next section, we will show you how to publish your package with a `helloworld` example. +In the next section, we will show you how to publish your module with a `helloworld` example. ### Prerequisites - Install [kpm](https://kcl-lang.io/docs/user_docs/guides/package-management/installation/) - Install [git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) -- [Register a Github account (optional, you need a github account)](https://docs.github.com/en/get-started/signing-up-for-github/signing-up-for-a-new-github-account) +- [Register a GitHub account (optional)](https://docs.github.com/en/get-started/signing-up-for-github/signing-up-for-a-new-github-account) ### Code Repository -NOTE: If you want to publish your KCL package to the kcl-lang official registry, then the source code of your KCL package will be saved in this repo, you need to submit the source code of your package to this repository via PR. +NOTE: If you want to publish your KCL module to the `kcl-lang` official registry, then the source code of your KCL module will be saved in this repo, you need to submit the source code of your module to this repository via PR. -### Prepare your KCL package +### Prepare your KCL Module -By the `kpm init ` command, you can create a valid KCL package. +By the `kpm init ` command, you can create a valid KCL module. 
-Currently, the directory structure of a valid kcl package that the repository can recognize is as follows: +Currently, the directory structure of a valid KCL module that the repository can recognize is as follows: -``` - +```text + |- kcl.mod (required) |- kcl.mod.lock (optional) |- artifacthub-pkg.yaml (optional) 
@@ -34,17 +34,17 @@ Currently, the directory structure of a valid kcl package that the repository ca |- (*.k) kcl program files ``` -- kcl.mod : As the identification file of the KCL package, this file is **required**, and the directory containing the kcl.mod file will be identified as the root directory of the file. +- kcl.mod : As the identification file of the KCL module, this file is **required**, and the directory containing the kcl.mod file will be identified as the root directory of the file. - kcl.mod.lock : Automatically generated file to fix dependency versions, this file is **optional** and does not need to be manually modified. -- artifacthub-pkg.yaml : This file is **optional**, because our repository currently displays all packages through artifacthub.io, you can configure the information you want to show through artifacthub-pkg.yaml. Our strategy is that **if there is a configuration file named artifacthub-pkg.yaml in the directory where your package's kcl.mod file is located, then we will use the artifacthub-pkg.yaml you provided to display the information of your package, otherwise, we will use some default information to generate the corresponding artifacthub-pkg.yaml file.** +- artifacthub-pkg.yaml : This file is **optional**, because our repository currently displays all modules through artifacthub.io, you can configure the information you want to show through artifacthub-pkg.yaml. Our strategy is that **if there is a configuration file named artifacthub-pkg.yaml in the directory where your module's kcl.mod file is located, then we will use the artifacthub-pkg.yaml you provided to display the information of your module, otherwise, we will use some default information to generate the corresponding artifacthub-pkg.yaml file.** -- README.md : A markdown file as the documentation for your package, this file is **optional**, **if you do not provide this file, it will not be displayed on artifacthub.io**. 
+- README.md : A markdown file as the documentation for your module, this file is **optional**, **if you do not provide this file, it will not be displayed on artifacthub.io**. - (*.k) kcl program files: The source code of your KCL program. -### Publish your package by PR +### Publish your module by PR #### 1. Clone the code repository 
@@ -54,52 +54,52 @@ First, you need to clone the repository git clone https://github.com/kcl-lang/artifacthub --depth=1 ``` -#### 2. Create a branch for your package +#### 2. Create a branch for your module -We recommend that your branch name be: `publish-pkg-`, `` is the name of your package. +We recommend that your branch name be: `publish-pkg-`, `` is the name of your module. -Take the package `helloworld` as an example +Take the module `helloworld` as an example Enter the artifacthub directory you downloaded ``` cd artifacthub ``` -Create a branch `publish-pkg-helloworld` for the package `helloworld` +Create a branch `publish-pkg-helloworld` for the module `helloworld` ``` git checkout -b publish-pkg-helloworld ``` -#### 3. Add your KCL package +#### 3. Add your KCL module -You need to move your package to the current directory. In our example, we use the `kpm init` command to create the package `helloworld` +You need to move your module to the current directory. In our example, we use the `kpm init` command to create the module `helloworld` ``` kpm init helloworld ``` -You can add a `README.md` file to the root directory of the package to display on the homepage of AH. +You can add a `README.md` file to the root directory of the module to display on the homepage of AH. ``` echo "## Introduction" >> helloworld/README.md -echo "This is a kcl package named helloworld." >> helloworld/README.md +echo "This is a kcl module named helloworld." >> helloworld/README.md ``` -#### 4. Commit your package +#### 4. Commit your module -You can use the following command to commit your package +You can use the following command to commit your module -Use `git add .` command to add your package to the staging area of git +Use `git add .` command to add your module to the staging area of git ``` git add . ``` -Use `git commit -s` command to commit your package, we recommend that your commit message follow the format "publish package ". 
+Use `git commit -s` command to commit your module, we recommend that your commit message follow the format "publish module ". ``` -git commit -m"publish package helloworld" -s +git commit -m "publish module helloworld" -s ``` -Use `git push` command to submit your package to your branch `publish-pkg-` +Use `git push` command to submit your module to your branch `publish-pkg-` ``` git push 
@@ -107,23 +107,23 @@ git push #### 5. Submit a PR -Finally, you need to submit a PR to the main branch of the repository with your branch `publish-pkg-`. +Finally, you need to submit a PR to the main branch of the repository with your branch `publish-pkg-`. - [How to create PR](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) -### Upgrade your package by PR +### Upgrade your module by PR -After completing the upload of the package content, you can upgrade your package by PR. +After completing the upload of the module content, you can upgrade your module by PR. -NOTE: **We do not provide any upgrade strategy that changes the content of the package but does not change the version number.** If you want to upgrade your package and want your upgraded package to be displayed on AH, you need to modify the version number of your package. That is, the version field in the package section of the kcl.mod file. +NOTE: **We do not provide any upgrade strategy that changes the content of the module but does not change the version number.** If you want to upgrade your module and want your upgraded module to be displayed on AH, you need to modify the version number of your module. That is, the version field in the module section of the kcl.mod file. ``` [package] -name = "my_package" +name = "my_module" edition = "*" -version = "0.1.0" # change this field to upgrade your package -description = "This is my package." +version = "0.1.0" # change this field to upgrade your module +description = "This is my module." ``` -**At the same time, you cannot upload the same version package multiple times.** Once the version number of your package has been used, you will not be able to use this version number again. The only way to upload this package again is to upgrade the version number. 
+**At the same time, you cannot upload the same version module multiple times.** Once the version number of your module has been used, you will not be able to use this version number again. The only way to upload this module again is to upgrade the version number. From efb750961fdd07d031fc5eee1060303b6ce4ac9e Mon Sep 17 00:00:00 2001 From: peefy Date: Sun, 12 Nov 2023 14:41:01 +0800 Subject: [PATCH 4/5] feat: add more cncf project validation modules 
Signed-off-by: peefy --- add-castai-removal-disabled/README.md | 16 ++++++++++++++++ add-castai-removal-disabled/kcl.mod | 5 +++++ add-castai-removal-disabled/main.k | 9 +++++++++ add-network-policy-dns/README.md | 7 +++++++ add-network-policy-dns/kcl.mod | 6 ++++++ add-network-policy-dns/kcl.mod.lock | 0 add-network-policy-dns/main.k | 21 +++++++++++++++++++++ add-network-policy/README.md | 7 +++++++ add-network-policy/kcl.mod | 6 ++++++ add-network-policy/kcl.mod.lock | 0 add-network-policy/main.k | 14 ++++++++++++++ add-safe-to-evict/README.md | 7 +++++++ add-safe-to-evict/kcl.mod | 5 +++++ add-safe-to-evict/main.k | 6 ++++++ cert-manager-limit-dns-names/README.md | 7 +++++++ cert-manager-limit-dns-names/kcl.mod | 4 ++++ cert-manager-limit-dns-names/main.k | 8 ++++++++ cert-manager-limit-duration/README.md | 7 +++++++ cert-manager-limit-duration/kcl.mod | 4 ++++ cert-manager-limit-duration/main.k | 11 +++++++++++ cert-manager-restrict-issuer/README.md | 7 +++++++ cert-manager-restrict-issuer/kcl.mod | 4 ++++ cert-manager-restrict-issuer/main.k | 13 +++++++++++++ consul-enforce-min-tls-version/README.md | 7 +++++++ consul-enforce-min-tls-version/kcl.mod | 4 ++++ consul-enforce-min-tls-version/main.k | 8 ++++++++ disallow-cri-sock-mount/README.md | 7 +++++++ disallow-cri-sock-mount/kcl.mod | 4 ++++ disallow-cri-sock-mount/main.k | 22 ++++++++++++++++++++++ disallow-default-namespace/README.md | 7 +++++++ disallow-default-namespace/kcl.mod | 4 ++++ disallow-default-namespace/main.k | 17 +++++++++++++++++ disallow-empty-ingress-host/README.md | 7 +++++++ disallow-empty-ingress-host/kcl.mod | 4 ++++ disallow-empty-ingress-host/main.k | 14 ++++++++++++++ disallow-helm-tiller/README.md | 7 +++++++ disallow-helm-tiller/kcl.mod | 4 ++++ disallow-helm-tiller/main.k | 22 ++++++++++++++++++++++ disallow-image-repos/README.md | 5 +++++ disallow-image-repos/kcl.mod | 4 ++++ disallow-image-repos/main.k | 23 +++++++++++++++++++++++ disallow-latest-tag/README.md | 7 +++++++ 
disallow-latest-tag/kcl.mod | 4 ++++ disallow-latest-tag/main.k | 18 ++++++++++++++++++ 44 files changed, 373 insertions(+) create mode 100644 add-castai-removal-disabled/README.md create mode 100644 add-castai-removal-disabled/kcl.mod create mode 100644 add-castai-removal-disabled/main.k create mode 100644 add-network-policy-dns/README.md create mode 100644 add-network-policy-dns/kcl.mod create mode 100644 add-network-policy-dns/kcl.mod.lock create mode 100644 add-network-policy-dns/main.k create mode 100644 add-network-policy/README.md create mode 100644 add-network-policy/kcl.mod create mode 100644 add-network-policy/kcl.mod.lock create mode 100644 add-network-policy/main.k create mode 100644 add-safe-to-evict/README.md create mode 100644 add-safe-to-evict/kcl.mod create mode 100644 add-safe-to-evict/main.k create mode 100644 cert-manager-limit-dns-names/README.md create mode 100644 cert-manager-limit-dns-names/kcl.mod create mode 100644 cert-manager-limit-dns-names/main.k create mode 100644 cert-manager-limit-duration/README.md create mode 100644 cert-manager-limit-duration/kcl.mod create mode 100644 cert-manager-limit-duration/main.k create mode 100644 cert-manager-restrict-issuer/README.md create mode 100644 cert-manager-restrict-issuer/kcl.mod create mode 100644 cert-manager-restrict-issuer/main.k create mode 100644 consul-enforce-min-tls-version/README.md create mode 100644 consul-enforce-min-tls-version/kcl.mod create mode 100644 consul-enforce-min-tls-version/main.k create mode 100644 disallow-cri-sock-mount/README.md create mode 100644 disallow-cri-sock-mount/kcl.mod create mode 100644 disallow-cri-sock-mount/main.k create mode 100644 disallow-default-namespace/README.md create mode 100644 disallow-default-namespace/kcl.mod create mode 100644 disallow-default-namespace/main.k create mode 100644 disallow-empty-ingress-host/README.md create mode 100644 disallow-empty-ingress-host/kcl.mod create mode 100644 disallow-empty-ingress-host/main.k create mode 
100644 disallow-helm-tiller/README.md create mode 100644 disallow-helm-tiller/kcl.mod create mode 100644 disallow-helm-tiller/main.k create mode 100644 disallow-image-repos/README.md create mode 100644 disallow-image-repos/kcl.mod create mode 100644 disallow-image-repos/main.k create mode 100644 disallow-latest-tag/README.md create mode 100644 disallow-latest-tag/kcl.mod create mode 100644 disallow-latest-tag/main.k diff --git a/add-castai-removal-disabled/README.md b/add-castai-removal-disabled/README.md new file mode 100644 index 00000000..63187a54 --- /dev/null +++ b/add-castai-removal-disabled/README.md @@ -0,0 +1,16 @@ +## Introduction + +`add-castai-removal-disabled` is a KCL mutation package. + +## How to Use + +Add the source to your `KCLRun`` resource and use the [kubectl kcl plugin](https://kcl-lang.io/docs/user_docs/guides/working-with-k8s/mutate-manifests/kubectl-kcl-plugin) or the [kcl operator](https://kcl-lang.io/docs/user_docs/guides/working-with-k8s/mutate-manifests/kcl-operator) to integrate this model. + +```yaml +apiVersion: krm.kcl.dev/v1alpha1 +kind: KCLRun +metadata: + name: add-castai-removal-disabled +spec: + source: oci://ghcr.io/kcl-lang/add-castai-removal-disabled +``` diff --git a/add-castai-removal-disabled/kcl.mod b/add-castai-removal-disabled/kcl.mod new file mode 100644 index 00000000..9bfd6df2 --- /dev/null +++ b/add-castai-removal-disabled/kcl.mod @@ -0,0 +1,5 @@ +[package] +name = "add-castai-removal-disabled" +edition = "*" +version = "0.1.0" +description = "`add-castai-removal-disabled` is a kcl mutation package." diff --git a/add-castai-removal-disabled/main.k b/add-castai-removal-disabled/main.k new file mode 100644 index 00000000..e8121e02 --- /dev/null +++ b/add-castai-removal-disabled/main.k 
@@ -0,0 +1,9 @@ +labels = option("labels") or { + "autoscaling.cast.ai/removal-disabled" = "true" +} +items = [item | { + if item.kind == "Job": + spec.template.metadata.labels: labels + elif item.kind == "CronJob": + jobTemplate.template.metadata.labels: labels +} for item in option("items") or []] diff --git a/add-network-policy-dns/README.md b/add-network-policy-dns/README.md new file mode 100644 index 00000000..71245d84 --- /dev/null +++ b/add-network-policy-dns/README.md @@ -0,0 +1,7 @@ +## Introduction + +`add-network-policy-dns` is a KCL mutation module + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/add-network-policy-dns) diff --git a/add-network-policy-dns/kcl.mod b/add-network-policy-dns/kcl.mod new file mode 100644 index 00000000..f2a9418f --- /dev/null +++ b/add-network-policy-dns/kcl.mod @@ -0,0 +1,6 @@ +[package] +name = "add-network-policy-dns" +edition = "*" +version = "0.1.0" +description = "`add-network-policy-dns` is a KCL mutation module" + diff --git a/add-network-policy-dns/kcl.mod.lock b/add-network-policy-dns/kcl.mod.lock new file mode 100644 index 00000000..e69de29b diff --git a/add-network-policy-dns/main.k b/add-network-policy-dns/main.k new file mode 100644 index 00000000..aa82dd4f --- /dev/null +++ b/add-network-policy-dns/main.k @@ -0,0 +1,21 @@ +ns_list = [item.metadata.name for item in option("items") or [] if item.kind == "Namespace"] +items = (option("items") or []) + [{ + apiVersion: "networking.k8s.io/v1" + kind: "NetworkPolicy" + name: "allow-dns" + namespace: "${ns.metadata.name}" + synchronize: False + data.spec: { + # select all pods in the namespace + podSelector.matchLabels: {} + # deny all traffic + policyTypes: ["Egress"] + egress: [{ + to: [{namespaceSelector.matchLabels.name = "kube-system"}] + ports: [{ + protocol: "UDP" + port = 53 + }] + }] + } +} for ns in ns_list] 
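Review bot: In `add-castai-removal-disabled/main.k` the `CronJob` branch writes `jobTemplate.template.metadata.labels` at the top level of the item, but a CronJob keeps its pod template under `spec.jobTemplate.spec.template`. The label therefore never reaches the pods, and a stray top-level `jobTemplate` key is added to the manifest. The line should read `spec.jobTemplate.spec.template.metadata.labels: labels`. A comment above `labels` noting that the `labels` option replaces the default label instead of adding to it would also help, e.g. `# option("labels") replaces the default removal-disabled label entirely`.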
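Review bot: In `add-network-policy-dns/main.k`, `ns_list` already holds namespace names, so `"${ns.metadata.name}"` dereferences a string and cannot yield the namespace; `add-network-policy/main.k` in the next file has the same expression. Both files also put `name`, `namespace`, `synchronize` and `data.spec` at the top level of the object, which is not the layout of a NetworkPolicy manifest (`metadata.name`, `metadata.namespace`, `spec`), so the appended items would presumably not apply as the allow-dns and default-deny policies they are meant to be. The comment `# deny all traffic` above the egress rule here is misleading, and the rule opens UDP 53 only, although DNS also uses TCP 53. A corrected object shape is below; the `synchronize` key is dropped because NetworkPolicy has no such field.

```kcl
items = (option("items") or []) + [{
    apiVersion: "networking.k8s.io/v1"
    kind: "NetworkPolicy"
    metadata: {
        name: "allow-dns"
        # ns is already a namespace name taken from ns_list
        namespace: ns
    }
    spec: {
        # … unchanged: podSelector, policyTypes, egress …
    }
} for ns in ns_list]
```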
diff --git a/add-network-policy/README.md b/add-network-policy/README.md new file mode 100644 index 00000000..1d5f05ab --- /dev/null +++ b/add-network-policy/README.md @@ -0,0 +1,7 @@ +## Introduction + +`add-network-policy` is a KCL mutation module + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/add-network-policy) diff --git a/add-network-policy/kcl.mod b/add-network-policy/kcl.mod new file mode 100644 index 00000000..628b533d --- /dev/null +++ b/add-network-policy/kcl.mod @@ -0,0 +1,6 @@ +[package] +name = "add-network-policy" +edition = "*" +version = "0.1.0" +description = "`add-network-policy` is a KCL mutation module" + diff --git a/add-network-policy/kcl.mod.lock b/add-network-policy/kcl.mod.lock new file mode 100644 index 00000000..e69de29b diff --git a/add-network-policy/main.k b/add-network-policy/main.k new file mode 100644 index 00000000..81351665 --- /dev/null +++ b/add-network-policy/main.k @@ -0,0 +1,14 @@ +ns_list = [item.metadata.name for item in option("items") or [] if item.kind == "Namespace"] +items = (option("items") or []) + [{ + apiVersion: "networking.k8s.io/v1" + kind: "NetworkPolicy" + name: "default-deny" + namespace: "${ns.metadata.name}" + synchronize: True + data.spec: { + # select all pods in the namespace + podSelector: {} + # deny all traffic + policyTypes: ["Ingress", "Egress"] + } +} for ns in ns_list] diff --git a/add-safe-to-evict/README.md b/add-safe-to-evict/README.md new file mode 100644 index 00000000..54799990 --- /dev/null +++ b/add-safe-to-evict/README.md @@ -0,0 +1,7 @@ +## Introduction + +`add-safe-to-evict` is a KCL mutation module + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/add-safe-to-evict) diff --git a/add-safe-to-evict/kcl.mod b/add-safe-to-evict/kcl.mod new file mode 100644 index 00000000..1ace9072 --- /dev/null +++ b/add-safe-to-evict/kcl.mod 
@@ -0,0 +1,5 @@
+[package]
+name = "add-safe-to-evict"
+edition = "*"
+version = "0.1.0"
+description = "`add-safe-to-evict` is a KCL mutation module"
diff --git a/add-safe-to-evict/main.k b/add-safe-to-evict/main.k
new file mode 100644
index 00000000..3ecc7784
--- /dev/null
+++ b/add-safe-to-evict/main.k
@@ -0,0 +1,6 @@
+items = [item | {
+ if item.kind == "Pod":
+ metadata.annotations: {
+ "cluster-autoscaler.kubernetes.io/safe-to-evict": "true"
+ }
+} for item in option("items") or []]
diff --git a/cert-manager-limit-dns-names/README.md b/cert-manager-limit-dns-names/README.md
new file mode 100644
index 00000000..930c79ca
--- /dev/null
+++ b/cert-manager-limit-dns-names/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`cert-manager-limit-dns-names` is a KCL validation module"
+
+## Resource
+
+The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/cert-manager-limit-dns-names)
diff --git a/cert-manager-limit-dns-names/kcl.mod b/cert-manager-limit-dns-names/kcl.mod
new file mode 100644
index 00000000..3ac54167
--- /dev/null
+++ b/cert-manager-limit-dns-names/kcl.mod
@@ -0,0 +1,4 @@
+[package]
+name = "cert-manager-limit-dns-names"
+version = "0.1.0"
+description = "`cert-manager-limit-dns-names` is a KCL validation module"
diff --git a/cert-manager-limit-dns-names/main.k b/cert-manager-limit-dns-names/main.k
new file mode 100644
index 00000000..373b297e
--- /dev/null
+++ b/cert-manager-limit-dns-names/main.k
@@ -0,0 +1,8 @@
+# Define the validation function
+validate = lambda item {
+ if item.kind == "Certificate":
+ assert len(item?.spec?.dnsNames or []) <= 1, "Only one dnsNames entry allowed per certificate request."
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/cert-manager-limit-duration/README.md b/cert-manager-limit-duration/README.md
new file mode 100644
index 00000000..80ac2020
--- /dev/null
+++ b/cert-manager-limit-duration/README.md
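Review bot: `add-safe-to-evict/main.k` sets `cluster-autoscaler.kubernetes.io/safe-to-evict` to `"true"` on every Pod, with no condition on the pod's volumes or on an annotation that is already present. As far as I can tell the union would also turn an explicit `"false"` into `"true"`, which silently reverses a decision an operator made for that workload. If that is intended, a comment above the comprehension should say so, e.g. `# Marks every Pod as evictable, overriding any existing value.`; otherwise the `Pod` branch should skip items that already carry the annotation.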
@@ -0,0 +1,7 @@
+## Introduction
+
+`cert-manager-limit-duration` is a KCL validation module"
+
+## Resource
+
+The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/cert-manager-limit-duration)
diff --git a/cert-manager-limit-duration/kcl.mod b/cert-manager-limit-duration/kcl.mod
new file mode 100644
index 00000000..4633ee0c
--- /dev/null
+++ b/cert-manager-limit-duration/kcl.mod
@@ -0,0 +1,4 @@
+[package]
+name = "cert-manager-limit-duration"
+version = "0.1.0"
+description = "`cert-manager-limit-duration` is a KCL validation module"
diff --git a/cert-manager-limit-duration/main.k b/cert-manager-limit-duration/main.k
new file mode 100644
index 00000000..94ce7668
--- /dev/null
+++ b/cert-manager-limit-duration/main.k
@@ -0,0 +1,11 @@
+import regex
+# Define the validation function
+validate = lambda item {
+ if item.kind == "Certificate":
+ if "letsencrypt" in item.spec.issuerRef.name and item.spec?.duration:
+ duration = int(regex.replace(item.spec?.duration, "h.*", ""))
+ assert 0 <= duration <= 2400, "certificate duration must be < than 2400h (100 days)"
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/cert-manager-restrict-issuer/README.md b/cert-manager-restrict-issuer/README.md
new file mode 100644
index 00000000..3fc090ca
--- /dev/null
+++ b/cert-manager-restrict-issuer/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`cert-manager-restrict-issuer` is a KCL validation module"
+
+## Resource
+
+The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/cert-manager-restrict-issuer)
diff --git a/cert-manager-restrict-issuer/kcl.mod b/cert-manager-restrict-issuer/kcl.mod
new file mode 100644
index 00000000..054f0c39
--- /dev/null
+++ b/cert-manager-restrict-issuer/kcl.mod
@@ -0,0 +1,4 @@
+[package]
+name = "cert-manager-restrict-issuer"
+version = "0.1.0"
+description = "`cert-manager-restrict-issuer` is a KCL validation module"
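Review bot: The duration parsing in `cert-manager-limit-duration/main.k` only works for values that start with an hour component: `regex.replace(item.spec?.duration, "h.*", "")` leaves a value such as `90m` untouched, so `int(...)` would presumably fail with a conversion error instead of the policy message. The guard also reads `item.spec.issuerRef.name` without optional access, while the same line uses `item.spec?.duration`; `(item.spec?.issuerRef?.name or "")` would keep a Certificate without an issuer name from aborting the run. The message says `< than 2400h` but the check is `<= 2400`; `"certificate duration must not exceed 2400h (100 days)"` would match the code. A comment above the `duration =` line stating the accepted format would make the limitation visible.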
diff --git a/cert-manager-restrict-issuer/main.k b/cert-manager-restrict-issuer/main.k
new file mode 100644
index 00000000..117a5678
--- /dev/null
+++ b/cert-manager-restrict-issuer/main.k
@@ -0,0 +1,13 @@
+# Define the validation function
+validate = lambda item {
+ if item.kind == "Certificate":
+ if any n in item.spec.dnsNames {
+ n.endswith(".corp.com")
+ }:
+ issuerRef = item.spec.issuerRef
+ condition = issuerRef.name == "our-corp-issuer" and issuerRef.kind == "ClusterIssuer" and issuerRef.group == "cert-manager.io"
+ assert condition, "When requesting a cert for this domain, you must use our corporate issuer."
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/consul-enforce-min-tls-version/README.md b/consul-enforce-min-tls-version/README.md
new file mode 100644
index 00000000..c824d338
--- /dev/null
+++ b/consul-enforce-min-tls-version/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`consul-enforce-min-tls-version` is a KCL validation module"
+
+## Resource
+
+The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/consul-enforce-min-tls-version)
diff --git a/consul-enforce-min-tls-version/kcl.mod b/consul-enforce-min-tls-version/kcl.mod
new file mode 100644
index 00000000..262dbdae
--- /dev/null
+++ b/consul-enforce-min-tls-version/kcl.mod
@@ -0,0 +1,4 @@
+[package]
+name = "consul-enforce-min-tls-version"
+version = "0.1.0"
+description = "`consul-enforce-min-tls-version` is a KCL validation module"
diff --git a/consul-enforce-min-tls-version/main.k b/consul-enforce-min-tls-version/main.k
new file mode 100644
index 00000000..4fa54019
--- /dev/null
+++ b/consul-enforce-min-tls-version/main.k
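Review bot: The domain suffix `.corp.com` and the issuer name `our-corp-issuer` in `cert-manager-restrict-issuer/main.k` are hard-coded example values, so the published module enforces nothing for any other organisation. They should be read from options with these values as defaults, the way `disallow-default-namespace` reads `kinds`, and documented in a comment at the top of the file. The quantifier also iterates `item.spec.dnsNames` directly; a Certificate that carries no `dnsNames` would be evaluated against a missing list, and `item.spec?.dnsNames or []` avoids that. `issuerRef` is likewise read without optional access.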
@@ -0,0 +1,8 @@
+# Define the validation function
+validate = lambda item {
+ if item.kind == "Mesh":
+ assert item.spec.tls.incoming.tlsMinVersion == "TLSv1_2", "The minimum version of TLS is TLS v1_2"
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/disallow-cri-sock-mount/README.md b/disallow-cri-sock-mount/README.md
new file mode 100644
index 00000000..0813b3b1
--- /dev/null
+++ b/disallow-cri-sock-mount/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`disallow-cri-sock-mount` is a KCL validation module"
+
+## Resource
+
+The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/disallow-cri-sock-mount)
diff --git a/disallow-cri-sock-mount/kcl.mod b/disallow-cri-sock-mount/kcl.mod
new file mode 100644
index 00000000..6d61889c
--- /dev/null
+++ b/disallow-cri-sock-mount/kcl.mod
@@ -0,0 +1,4 @@
+[package]
+name = "disallow-cri-sock-mount"
+version = "0.1.0"
+description = "`disallow-cri-sock-mount` is a KCL validation module"
diff --git a/disallow-cri-sock-mount/main.k b/disallow-cri-sock-mount/main.k
new file mode 100644
index 00000000..0c973143
--- /dev/null
+++ b/disallow-cri-sock-mount/main.k
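Review bot: The assertion in `consul-enforce-min-tls-version/main.k` demands exact equality with `"TLSv1_2"`, so a Mesh that sets the stricter `TLSv1_3` is rejected even though the message speaks of a minimum version. Comparing against an allowed set fixes that: `assert item.spec?.tls?.incoming?.tlsMinVersion in ["TLSv1_2", "TLSv1_3"], "The minimum version of TLS is TLS v1_2"`. The optional access in that line also makes a Mesh with no `tls.incoming` block fail with the policy message, where the current attribute chain presumably stops on the missing key.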
@@ -0,0 +1,22 @@
+"""Container daemon socket bind mounts allows access to the container engine on the
+node. This access can be used for privilege escalation and to manage containers
+outside of Kubernetes, and hence should not be allowed. This policy validates that
+the sockets used for CRI engines Docker, Containerd, and CRI-O are not used.
+"""
+
+# Define the validation function
+validate = lambda item {
+ if item.kind == "Pod":
+ paths = [p.path for v in item?.spec?.volumes or [] for p in v.hostPath]
+ assert all p in paths {
+ p not in [
+ "/var/run/docker.sock"
+ "/var/run/containerd.sock"
+ "/var/run/crio.sock"
+ "/var/run/cri-dockerd.sock"
+ ]
+ } if paths, "Use of the Docker Unix socket, Containerd Unix socket, CRI-O Unix socket and Docker CRI socket are not allowed."
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/disallow-default-namespace/README.md b/disallow-default-namespace/README.md
new file mode 100644
index 00000000..da080fc8
--- /dev/null
+++ b/disallow-default-namespace/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`disallow-default-namespace` is a KCL validation module"
+
+## Resource
+
+The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/disallow-default-namespace)
diff --git a/disallow-default-namespace/kcl.mod b/disallow-default-namespace/kcl.mod
new file mode 100644
index 00000000..c18bfe35
--- /dev/null
+++ b/disallow-default-namespace/kcl.mod
@@ -0,0 +1,4 @@
+[package]
+name = "disallow-default-namespace"
+version = "0.1.0"
+description = "`disallow-default-namespace` is a KCL validation module"
diff --git a/disallow-default-namespace/main.k b/disallow-default-namespace/main.k
new file mode 100644
index 00000000..b5fe1869
--- /dev/null
+++ b/disallow-default-namespace/main.k
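Review bot: The `paths` comprehension in `disallow-cri-sock-mount/main.k` iterates over `v.hostPath` as if it were a list, but a volume's `hostPath` is a single object with a `path` field, and volumes of other types have no `hostPath` at all; the line should be `paths = [v.hostPath.path for v in item?.spec?.volumes or [] if v?.hostPath]`. Two of the listed literals, `/var/run/containerd.sock` and `/var/run/crio.sock`, do not match the usual socket locations as far as I know (`/var/run/containerd/containerd.sock` and `/var/run/crio/crio.sock`), so please confirm them against the runtimes the policy targets. The comparison is an exact string match, so the same sockets reached through `/run/...` or through a mount of the parent directory are not covered. Only `Pod` items are checked, which leaves pod templates in Deployments and other controllers outside the policy; the module docstring should state these limits.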
@@ -0,0 +1,17 @@
+kinds: [str] = option("params")?.kinds or option("kinds") or [
+ "Pod"
+ "DaemonSet"
+ "Deployment"
+ "Job"
+ "StatefulSet"
+]
+
+# Define the validation function
+validate = lambda item {
+ if item.kind in kinds:
+ ns = item?.matadata?.namespace or "default"
+ assert ns != "Using 'default' namespace is not allowed for ${item.kind}: ${item.metadata.name}"
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/disallow-empty-ingress-host/README.md b/disallow-empty-ingress-host/README.md
new file mode 100644
index 00000000..2283ff2b
--- /dev/null
+++ b/disallow-empty-ingress-host/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`disallow-empty-ingress-host` is a KCL validation module"
+
+## Resource
+
+The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/disallow-empty-ingress-host)
diff --git a/disallow-empty-ingress-host/kcl.mod b/disallow-empty-ingress-host/kcl.mod
new file mode 100644
index 00000000..9a23e965
--- /dev/null
+++ b/disallow-empty-ingress-host/kcl.mod
@@ -0,0 +1,4 @@
+[package]
+name = "disallow-empty-ingress-host"
+version = "0.1.0"
+description = "`disallow-empty-ingress-host` is a KCL validation module"
diff --git a/disallow-empty-ingress-host/main.k b/disallow-empty-ingress-host/main.k
new file mode 100644
index 00000000..96261417
--- /dev/null
+++ b/disallow-empty-ingress-host/main.k
@@ -0,0 +1,14 @@
+"""An ingress resource needs to define an actual host name
+in order to be valid. This policy ensures that there is a
+hostname for each rule defined.
+"""
+
+# Define the validation function
+validate = lambda item {
+ if item.kind == "Ingress":
+ host_list = [r.host for r in item?.spec?.rules if not r.host]
+ assert len(host_list) == 0, "The Ingress host name must be defined, not empty."
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
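Review bot: The check in `disallow-default-namespace/main.k` can never fail. `item?.matadata?.namespace` misspells `metadata`, so `ns` is always `"default"`, and the `assert` then compares `ns` with the error text instead of with `"default"` and carries no message argument. As written, every workload in the default namespace is accepted. The two lines should read `ns = item?.metadata?.namespace or "default"` and `assert ns != "default", "Using 'default' namespace is not allowed for ${item.kind}: ${item.metadata.name}"`.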
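Review bot: In `disallow-empty-ingress-host/main.k` the comprehension iterates `item?.spec?.rules` without a fallback, so an Ingress that defines only a default backend and no `rules` is evaluated against a missing list, which would presumably raise an evaluation error instead of a policy result. `host_list = [r.host for r in item?.spec?.rules or [] if not r.host]` keeps the optional access useful. The docstring could also say what happens for such an Ingress, since "a hostname for each rule defined" leaves the no-rules case open.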
diff --git a/disallow-helm-tiller/README.md b/disallow-helm-tiller/README.md
new file mode 100644
index 00000000..8a2373cd
--- /dev/null
+++ b/disallow-helm-tiller/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`disallow-helm-tiller` is a KCL validation module"
+
+## Resource
+
+The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/disallow-helm-tiller)
diff --git a/disallow-helm-tiller/kcl.mod b/disallow-helm-tiller/kcl.mod
new file mode 100644
index 00000000..7a840bda
--- /dev/null
+++ b/disallow-helm-tiller/kcl.mod
@@ -0,0 +1,4 @@
+[package]
+name = "disallow-helm-tiller"
+version = "0.1.0"
+description = "`disallow-helm-tiller` is a KCL validation module"
diff --git a/disallow-helm-tiller/main.k b/disallow-helm-tiller/main.k
new file mode 100644
index 00000000..35e8ad30
--- /dev/null
+++ b/disallow-helm-tiller/main.k
@@ -0,0 +1,22 @@ +"""Tiller, found in Helm v2, has known security challenges. It requires administrative privileges and acts as a shared +resource accessible to any authenticated user. Tiller can lead to privilege escalation as +restricted users can impact other users. It is recommend to use Helm v3+ which does not contain +Tiller for these reasons. This policy validates that there is not an image +containing the name `tiller`. +""" + +# Define the validation function +validate = lambda item: {str:} { + containers: [{str:}] = [] + if item.kind == "Pod": + containers = (item?.spec?.containers or []) + (item?.spec?.phemeralContainers or []) + (item?.spec?.initContainers or []) + elif item.kind == "Deployment": + containers = (item?.spec?.template?.spec?.containers or []) + (item?.spec?.template?.spec?.phemeralContainers or []) + (item?.spec?.template?.spec?.initContainers or []) + images: [str] = [c.image for c in containers] + assert all image in images { + "tiller" not in image + } if images, """Helm Tiller is not allowed for ${item.kind}: ${item.metadata.name}""" + item +} +# Validate All resource +items = [validate(i) for i in option("items")] diff --git a/disallow-image-repos/README.md b/disallow-image-repos/README.md new file mode 100644 index 00000000..8a3efd53 --- /dev/null +++ b/disallow-image-repos/README.md @@ -0,0 +1,5 @@ +## Introduction + +## Resource + +Code source and document is [here](https://github.com/kcl-lang/artifacthub/tree/main/disallow-image-repos) diff --git a/disallow-image-repos/kcl.mod b/disallow-image-repos/kcl.mod new file mode 100644 index 00000000..add117af --- /dev/null +++ b/disallow-image-repos/kcl.mod @@ -0,0 +1,4 @@ +[package] +name = "disallow-image-repos" +version = "0.1.0" +description = "`disallow-image-repos` is a kcl validation package" diff --git a/disallow-image-repos/main.k b/disallow-image-repos/main.k new file mode 100644 index 00000000..51281ff2 --- /dev/null +++ b/disallow-image-repos/main.k 
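Review bot: The container lists in `disallow-helm-tiller/main.k` read `phemeralContainers`, which is not a pod-spec field, so ephemeral containers are never inspected; the field is `ephemeralContainers`. The same misspelling is in both branches here and in `disallow-image-repos/main.k` and `disallow-latest-tag/main.k` further down. All three files also end with `option("items")` without the `or []` that the other modules use, so a run with no items has nothing to iterate over; `items = [validate(i) for i in option("items") or []]` matches the rest of the commit. Only `Pod` and `Deployment` are unpacked, so pod templates in StatefulSet, DaemonSet, Job and CronJob pass unchecked, and the docstring should state that scope if it is intended.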
@@ -0,0 +1,23 @@
+"""Disallowed container image repositories that begin with a string from the specified list.
+"""
+
+# The list of prefixes a container image is allowed to have.
+repos: [str] = option("params").repos or []
+
+# Define the validation function
+validate = lambda item {
+ containers = []
+ if item.kind == "Pod" and repos:
+ containers = (item.spec.containers or []) + (item.spec.phemeralContainers or []) + (item.spec.initContainers or [])
+ elif item.kind == "Deployment":
+ containers = (item.spec.template.spec.containers or []) + (item.spec.template.spec.phemeralContainers or []) + (item.spec.template.spec.initContainers or [])
+ images: [str] = [c.image for c in containers]
+ assert all image in images {
+ all repo in repos {
+ not image.startswith(repo)
+ }
+ } if images and repos, """Use of image is disallowed for ${item.kind}: ${item.metadata.name}, valid repos ${repos}"""
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items")]
diff --git a/disallow-latest-tag/README.md b/disallow-latest-tag/README.md
new file mode 100644
index 00000000..4fa0c219
--- /dev/null
+++ b/disallow-latest-tag/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`disallow-latest-tag` is a KCL validation module"
+
+## Resource
+
+The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/disallow-latest-tag)
diff --git a/disallow-latest-tag/kcl.mod b/disallow-latest-tag/kcl.mod
new file mode 100644
index 00000000..ed8797b0
--- /dev/null
+++ b/disallow-latest-tag/kcl.mod
@@ -0,0 +1,4 @@
+[package]
+name = "disallow-latest-tag"
+version = "0.1.0"
+description = "`disallow-latest-tag` is a KCL validation module"
diff --git a/disallow-latest-tag/main.k b/disallow-latest-tag/main.k
new file mode 100644
index 00000000..13ceae9a
--- /dev/null
+++ b/disallow-latest-tag/main.k
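Review bot: The assertion in `validate` of `disallow-image-repos/main.k` fails when an image starts with any entry of `repos`, which makes `repos` a deny-list, yet the comment above the option says "The list of prefixes a container image is allowed to have" and the failure message prints `valid repos ${repos}`. An operator who follows the comment and passes the trusted registries would have exactly those images rejected and every other registry accepted. Make the text match the code, for example `# The list of image prefixes that are disallowed.` and `... disallowed repos ${repos}` in the message. `startswith` is also a plain string-prefix test, so an image written without a registry host (a bare `nginx`, for instance) would presumably not match an entry such as `docker.io/`; that limit is worth stating in the docstring.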
@@ -0,0 +1,18 @@
+"""Disallowed container image repositories that begin with a string from the specified list.
+"""
+
+# Define the validation function
+validate = lambda item {
+ containers = []
+ if item.kind == "Pod":
+ containers = (item.spec.containers or []) + (item.spec.phemeralContainers or []) + (item.spec.initContainers or [])
+ elif item.kind == "Deployment":
+ containers = (item.spec.template.spec.containers or []) + (item.spec.template.spec.phemeralContainers or []) + (item.spec.template.spec.initContainers or [])
+ images: [str] = [c.image for c in containers]
+ assert all image in images {
+ not image.endswith(":latest")
+ } if images, """Using a mutable image tag e.g. 'latest' is not allowed for ${item.kind}: ${item.metadata.name}"""
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items")]
From a74832092f1b7089b1a62cd8239b249724563a99 Mon Sep 17 00:00:00 2001
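Review bot: The check `not image.endswith(":latest")` in `disallow-latest-tag/main.k` accepts an image reference that carries no tag at all, and an untagged reference resolves to `latest` at pull time, so the mutable-tag case named in the failure message is still reachable. Require an explicit tag or digest as well, e.g. `not image.endswith(":latest") and (":" in image.split("/")[-1] or "@" in image)`. The module docstring is copied from `disallow-image-repos` ("Disallowed container image repositories that begin with a string from the specified list.") and should describe this policy instead, along the lines of `"""Disallow container images that use the mutable 'latest' tag or no tag."""`.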
From: GitHub Action Date: Sun, 12 Nov 2023 06:50:37 +0000 Subject: [PATCH 5/5] Updata artifacthub-pkg.yaml --- .../0.1.0/README.md | 16 ++++++++++++ .../0.1.0/artifacthub-pkg.yaml | 25 +++++++++++++++++++ .../add-network-policy-dns/0.1.0/README.md | 7 ++++++ .../0.1.0/artifacthub-pkg.yaml | 25 +++++++++++++++++++ .../add-network-policy/0.1.0/README.md | 7 ++++++ .../0.1.0/artifacthub-pkg.yaml | 25 +++++++++++++++++++ .../add-safe-to-evict/0.1.0/README.md | 7 ++++++ .../0.1.0/artifacthub-pkg.yaml | 25 +++++++++++++++++++ .../0.1.0/README.md | 7 ++++++ .../0.1.0/artifacthub-pkg.yaml | 25 +++++++++++++++++++ .../0.1.0/README.md | 7 ++++++ .../0.1.0/artifacthub-pkg.yaml | 25 +++++++++++++++++++ .../0.1.0/README.md | 7 ++++++ .../0.1.0/artifacthub-pkg.yaml | 25 +++++++++++++++++++ .../0.1.0/README.md | 7 ++++++ .../0.1.0/artifacthub-pkg.yaml | 25 +++++++++++++++++++ .../disallow-cri-sock-mount/0.1.0/README.md | 7 ++++++ .../0.1.0/artifacthub-pkg.yaml | 25 +++++++++++++++++++ .../0.1.0/README.md | 7 ++++++ .../0.1.0/artifacthub-pkg.yaml | 25 +++++++++++++++++++ .../0.1.0/README.md | 7 ++++++ .../0.1.0/artifacthub-pkg.yaml | 25 +++++++++++++++++++ .../disallow-helm-tiller/0.1.0/README.md | 7 ++++++ .../0.1.0/artifacthub-pkg.yaml | 25 +++++++++++++++++++ .../disallow-image-repos/0.1.0/README.md | 5 ++++ .../0.1.0/artifacthub-pkg.yaml | 25 +++++++++++++++++++ .../disallow-latest-tag/0.1.0/README.md | 7 ++++++ .../0.1.0/artifacthub-pkg.yaml | 25 +++++++++++++++++++ 28 files changed, 455 insertions(+) create mode 100644 .integration/artifacthub/add-castai-removal-disabled/0.1.0/README.md create mode 100644 .integration/artifacthub/add-castai-removal-disabled/0.1.0/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/add-network-policy-dns/0.1.0/README.md create mode 100644 .integration/artifacthub/add-network-policy-dns/0.1.0/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/add-network-policy/0.1.0/README.md create mode 100644 
.integration/artifacthub/add-network-policy/0.1.0/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/add-safe-to-evict/0.1.0/README.md create mode 100644 .integration/artifacthub/add-safe-to-evict/0.1.0/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/cert-manager-limit-dns-names/0.1.0/README.md create mode 100644 .integration/artifacthub/cert-manager-limit-dns-names/0.1.0/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/cert-manager-limit-duration/0.1.0/README.md create mode 100644 .integration/artifacthub/cert-manager-limit-duration/0.1.0/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/cert-manager-restrict-issuer/0.1.0/README.md create mode 100644 .integration/artifacthub/cert-manager-restrict-issuer/0.1.0/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/consul-enforce-min-tls-version/0.1.0/README.md create mode 100644 .integration/artifacthub/consul-enforce-min-tls-version/0.1.0/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/disallow-cri-sock-mount/0.1.0/README.md create mode 100644 .integration/artifacthub/disallow-cri-sock-mount/0.1.0/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/disallow-default-namespace/0.1.0/README.md create mode 100644 .integration/artifacthub/disallow-default-namespace/0.1.0/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/disallow-empty-ingress-host/0.1.0/README.md create mode 100644 .integration/artifacthub/disallow-empty-ingress-host/0.1.0/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/disallow-helm-tiller/0.1.0/README.md create mode 100644 .integration/artifacthub/disallow-helm-tiller/0.1.0/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/disallow-image-repos/0.1.0/README.md create mode 100644 .integration/artifacthub/disallow-image-repos/0.1.0/artifacthub-pkg.yaml create mode 100644 .integration/artifacthub/disallow-latest-tag/0.1.0/README.md create mode 100644 
.integration/artifacthub/disallow-latest-tag/0.1.0/artifacthub-pkg.yaml diff --git a/.integration/artifacthub/add-castai-removal-disabled/0.1.0/README.md b/.integration/artifacthub/add-castai-removal-disabled/0.1.0/README.md new file mode 100644 index 00000000..63187a54 --- /dev/null +++ b/.integration/artifacthub/add-castai-removal-disabled/0.1.0/README.md @@ -0,0 +1,16 @@ +## Introduction + +`add-castai-removal-disabled` is a KCL mutation package. + +## How to Use + +Add the source to your `KCLRun`` resource and use the [kubectl kcl plugin](https://kcl-lang.io/docs/user_docs/guides/working-with-k8s/mutate-manifests/kubectl-kcl-plugin) or the [kcl operator](https://kcl-lang.io/docs/user_docs/guides/working-with-k8s/mutate-manifests/kcl-operator) to integrate this model. + +```yaml +apiVersion: krm.kcl.dev/v1alpha1 +kind: KCLRun +metadata: + name: add-castai-removal-disabled +spec: + source: oci://ghcr.io/kcl-lang/add-castai-removal-disabled +``` diff --git a/.integration/artifacthub/add-castai-removal-disabled/0.1.0/artifacthub-pkg.yaml b/.integration/artifacthub/add-castai-removal-disabled/0.1.0/artifacthub-pkg.yaml new file mode 100644 index 00000000..97754dad --- /dev/null +++ b/.integration/artifacthub/add-castai-removal-disabled/0.1.0/artifacthub-pkg.yaml @@ -0,0 +1,25 @@ +version: 0.1.0 +name: add-castai-removal-disabled +displayName: add-castai-removal-disabled +createdAt: "2023-11-12T06:48:51Z" +description: '`add-castai-removal-disabled` is a kcl mutation package.' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `add-castai-removal-disabled` with tag `0.1.0` as dependency + ``` + kpm add add-castai-removal-disabled:0.1.0 + ``` + + #### Pull `add-castai-removal-disabled` with tag `0.1.0` to local + ``` + kpm pull add-castai-removal-disabled:0.1.0 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io 
diff --git a/.integration/artifacthub/add-network-policy-dns/0.1.0/README.md b/.integration/artifacthub/add-network-policy-dns/0.1.0/README.md new file mode 100644 index 00000000..71245d84 --- /dev/null +++ b/.integration/artifacthub/add-network-policy-dns/0.1.0/README.md @@ -0,0 +1,7 @@ +## Introduction + +`add-network-policy-dns` is a KCL mutation module + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/add-network-policy-dns) diff --git a/.integration/artifacthub/add-network-policy-dns/0.1.0/artifacthub-pkg.yaml b/.integration/artifacthub/add-network-policy-dns/0.1.0/artifacthub-pkg.yaml new file mode 100644 index 00000000..beee07c3 --- /dev/null +++ b/.integration/artifacthub/add-network-policy-dns/0.1.0/artifacthub-pkg.yaml @@ -0,0 +1,25 @@ +version: 0.1.0 +name: add-network-policy-dns +displayName: add-network-policy-dns +createdAt: "2023-11-12T06:48:54Z" +description: '`add-network-policy-dns` is a KCL mutation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `add-network-policy-dns` with tag `0.1.0` as dependency + ``` + kpm add add-network-policy-dns:0.1.0 + ``` + + #### Pull `add-network-policy-dns` with tag `0.1.0` to local + ``` + kpm pull add-network-policy-dns:0.1.0 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/add-network-policy/0.1.0/README.md b/.integration/artifacthub/add-network-policy/0.1.0/README.md new file mode 100644 index 00000000..1d5f05ab --- /dev/null +++ b/.integration/artifacthub/add-network-policy/0.1.0/README.md @@ -0,0 +1,7 @@ +## Introduction + +`add-network-policy` is a KCL mutation module + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/add-network-policy) 
diff --git a/.integration/artifacthub/add-network-policy/0.1.0/artifacthub-pkg.yaml b/.integration/artifacthub/add-network-policy/0.1.0/artifacthub-pkg.yaml new file mode 100644 index 00000000..133f6344 --- /dev/null +++ b/.integration/artifacthub/add-network-policy/0.1.0/artifacthub-pkg.yaml @@ -0,0 +1,25 @@ +version: 0.1.0 +name: add-network-policy +displayName: add-network-policy +createdAt: "2023-11-12T06:48:56Z" +description: '`add-network-policy` is a KCL mutation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `add-network-policy` with tag `0.1.0` as dependency + ``` + kpm add add-network-policy:0.1.0 + ``` + + #### Pull `add-network-policy` with tag `0.1.0` to local + ``` + kpm pull add-network-policy:0.1.0 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/add-safe-to-evict/0.1.0/README.md b/.integration/artifacthub/add-safe-to-evict/0.1.0/README.md new file mode 100644 index 00000000..54799990 --- /dev/null +++ b/.integration/artifacthub/add-safe-to-evict/0.1.0/README.md @@ -0,0 +1,7 @@ +## Introduction + +`add-safe-to-evict` is a KCL mutation module + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/add-safe-to-evict) diff --git a/.integration/artifacthub/add-safe-to-evict/0.1.0/artifacthub-pkg.yaml b/.integration/artifacthub/add-safe-to-evict/0.1.0/artifacthub-pkg.yaml new file mode 100644 index 00000000..218157d0 --- /dev/null +++ b/.integration/artifacthub/add-safe-to-evict/0.1.0/artifacthub-pkg.yaml 
@@ -0,0 +1,25 @@ +version: 0.1.0 +name: add-safe-to-evict +displayName: add-safe-to-evict +createdAt: "2023-11-12T06:48:58Z" +description: '`add-safe-to-evict` is a KCL mutation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `add-safe-to-evict` with tag `0.1.0` as dependency + ``` + kpm add add-safe-to-evict:0.1.0 + ``` + + #### Pull `add-safe-to-evict` with tag `0.1.0` to local + ``` + kpm pull add-safe-to-evict:0.1.0 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/cert-manager-limit-dns-names/0.1.0/README.md b/.integration/artifacthub/cert-manager-limit-dns-names/0.1.0/README.md new file mode 100644 index 00000000..930c79ca --- /dev/null +++ b/.integration/artifacthub/cert-manager-limit-dns-names/0.1.0/README.md @@ -0,0 +1,7 @@ +## Introduction + +`cert-manager-limit-dns-names` is a KCL validation module" + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/cert-manager-limit-dns-names) diff --git a/.integration/artifacthub/cert-manager-limit-dns-names/0.1.0/artifacthub-pkg.yaml b/.integration/artifacthub/cert-manager-limit-dns-names/0.1.0/artifacthub-pkg.yaml new file mode 100644 index 00000000..6a774d4b --- /dev/null +++ b/.integration/artifacthub/cert-manager-limit-dns-names/0.1.0/artifacthub-pkg.yaml 
@@ -0,0 +1,25 @@ +version: 0.1.0 +name: cert-manager-limit-dns-names +displayName: cert-manager-limit-dns-names +createdAt: "2023-11-12T06:49:01Z" +description: '`cert-manager-limit-dns-names` is a KCL validation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `cert-manager-limit-dns-names` with tag `0.1.0` as dependency + ``` + kpm add cert-manager-limit-dns-names:0.1.0 + ``` + + #### Pull `cert-manager-limit-dns-names` with tag `0.1.0` to local + ``` + kpm pull cert-manager-limit-dns-names:0.1.0 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/cert-manager-limit-duration/0.1.0/README.md b/.integration/artifacthub/cert-manager-limit-duration/0.1.0/README.md new file mode 100644 index 00000000..80ac2020 --- /dev/null +++ b/.integration/artifacthub/cert-manager-limit-duration/0.1.0/README.md @@ -0,0 +1,7 @@ +## Introduction + +`cert-manager-limit-duration` is a KCL validation module" + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/cert-manager-limit-duration) diff --git a/.integration/artifacthub/cert-manager-limit-duration/0.1.0/artifacthub-pkg.yaml b/.integration/artifacthub/cert-manager-limit-duration/0.1.0/artifacthub-pkg.yaml new file mode 100644 index 00000000..1de76807 --- /dev/null +++ b/.integration/artifacthub/cert-manager-limit-duration/0.1.0/artifacthub-pkg.yaml 
@@ -0,0 +1,25 @@ +version: 0.1.0 +name: cert-manager-limit-duration +displayName: cert-manager-limit-duration +createdAt: "2023-11-12T06:49:03Z" +description: '`cert-manager-limit-duration` is a KCL validation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `cert-manager-limit-duration` with tag `0.1.0` as dependency + ``` + kpm add cert-manager-limit-duration:0.1.0 + ``` + + #### Pull `cert-manager-limit-duration` with tag `0.1.0` to local + ``` + kpm pull cert-manager-limit-duration:0.1.0 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/cert-manager-restrict-issuer/0.1.0/README.md b/.integration/artifacthub/cert-manager-restrict-issuer/0.1.0/README.md new file mode 100644 index 00000000..3fc090ca --- /dev/null +++ b/.integration/artifacthub/cert-manager-restrict-issuer/0.1.0/README.md @@ -0,0 +1,7 @@ +## Introduction + +`cert-manager-restrict-issuer` is a KCL validation module" + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/cert-manager-restrict-issuer) diff --git a/.integration/artifacthub/cert-manager-restrict-issuer/0.1.0/artifacthub-pkg.yaml b/.integration/artifacthub/cert-manager-restrict-issuer/0.1.0/artifacthub-pkg.yaml new file mode 100644 index 00000000..ca90b81b --- /dev/null +++ b/.integration/artifacthub/cert-manager-restrict-issuer/0.1.0/artifacthub-pkg.yaml 
@@ -0,0 +1,25 @@ +version: 0.1.0 +name: cert-manager-restrict-issuer +displayName: cert-manager-restrict-issuer +createdAt: "2023-11-12T06:49:05Z" +description: '`cert-manager-restrict-issuer` is a KCL validation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `cert-manager-restrict-issuer` with tag `0.1.0` as dependency + ``` + kpm add cert-manager-restrict-issuer:0.1.0 + ``` + + #### Pull `cert-manager-restrict-issuer` with tag `0.1.0` to local + ``` + kpm pull cert-manager-restrict-issuer:0.1.0 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/consul-enforce-min-tls-version/0.1.0/README.md b/.integration/artifacthub/consul-enforce-min-tls-version/0.1.0/README.md new file mode 100644 index 00000000..c824d338 --- /dev/null +++ b/.integration/artifacthub/consul-enforce-min-tls-version/0.1.0/README.md @@ -0,0 +1,7 @@ +## Introduction + +`consul-enforce-min-tls-version` is a KCL validation module" + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/consul-enforce-min-tls-version) diff --git a/.integration/artifacthub/consul-enforce-min-tls-version/0.1.0/artifacthub-pkg.yaml b/.integration/artifacthub/consul-enforce-min-tls-version/0.1.0/artifacthub-pkg.yaml new file mode 100644 index 00000000..909277a6 --- /dev/null +++ b/.integration/artifacthub/consul-enforce-min-tls-version/0.1.0/artifacthub-pkg.yaml 
@@ -0,0 +1,25 @@ +version: 0.1.0 +name: consul-enforce-min-tls-version +displayName: consul-enforce-min-tls-version +createdAt: "2023-11-12T06:49:07Z" +description: '`consul-enforce-min-tls-version` is a KCL validation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `consul-enforce-min-tls-version` with tag `0.1.0` as dependency + ``` + kpm add consul-enforce-min-tls-version:0.1.0 + ``` + + #### Pull `consul-enforce-min-tls-version` with tag `0.1.0` to local + ``` + kpm pull consul-enforce-min-tls-version:0.1.0 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/disallow-cri-sock-mount/0.1.0/README.md b/.integration/artifacthub/disallow-cri-sock-mount/0.1.0/README.md new file mode 100644 index 00000000..0813b3b1 --- /dev/null +++ b/.integration/artifacthub/disallow-cri-sock-mount/0.1.0/README.md @@ -0,0 +1,7 @@ +## Introduction + +`disallow-cri-sock-mount` is a KCL validation module" + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/disallow-cri-sock-mount) diff --git a/.integration/artifacthub/disallow-cri-sock-mount/0.1.0/artifacthub-pkg.yaml b/.integration/artifacthub/disallow-cri-sock-mount/0.1.0/artifacthub-pkg.yaml new file mode 100644 index 00000000..09c1b951 --- /dev/null +++ b/.integration/artifacthub/disallow-cri-sock-mount/0.1.0/artifacthub-pkg.yaml 
@@ -0,0 +1,25 @@ +version: 0.1.0 +name: disallow-cri-sock-mount +displayName: disallow-cri-sock-mount +createdAt: "2023-11-12T06:49:09Z" +description: '`disallow-cri-sock-mount` is a KCL validation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `disallow-cri-sock-mount` with tag `0.1.0` as dependency + ``` + kpm add disallow-cri-sock-mount:0.1.0 + ``` + + #### Pull `disallow-cri-sock-mount` with tag `0.1.0` to local + ``` + kpm pull disallow-cri-sock-mount:0.1.0 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/disallow-default-namespace/0.1.0/README.md b/.integration/artifacthub/disallow-default-namespace/0.1.0/README.md new file mode 100644 index 00000000..da080fc8 --- /dev/null +++ b/.integration/artifacthub/disallow-default-namespace/0.1.0/README.md @@ -0,0 +1,7 @@ +## Introduction + +`disallow-default-namespace` is a KCL validation module" + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/disallow-default-namespace) diff --git a/.integration/artifacthub/disallow-default-namespace/0.1.0/artifacthub-pkg.yaml b/.integration/artifacthub/disallow-default-namespace/0.1.0/artifacthub-pkg.yaml new file mode 100644 index 00000000..e2721d1e --- /dev/null +++ b/.integration/artifacthub/disallow-default-namespace/0.1.0/artifacthub-pkg.yaml 
@@ -0,0 +1,25 @@ +version: 0.1.0 +name: disallow-default-namespace +displayName: disallow-default-namespace +createdAt: "2023-11-12T06:49:12Z" +description: '`disallow-default-namespace` is a KCL validation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `disallow-default-namespace` with tag `0.1.0` as dependency + ``` + kpm add disallow-default-namespace:0.1.0 + ``` + + #### Pull `disallow-default-namespace` with tag `0.1.0` to local + ``` + kpm pull disallow-default-namespace:0.1.0 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/disallow-empty-ingress-host/0.1.0/README.md b/.integration/artifacthub/disallow-empty-ingress-host/0.1.0/README.md new file mode 100644 index 00000000..2283ff2b --- /dev/null +++ b/.integration/artifacthub/disallow-empty-ingress-host/0.1.0/README.md @@ -0,0 +1,7 @@ +## Introduction + +`disallow-empty-ingress-host` is a KCL validation module" + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/disallow-empty-ingress-host) diff --git a/.integration/artifacthub/disallow-empty-ingress-host/0.1.0/artifacthub-pkg.yaml b/.integration/artifacthub/disallow-empty-ingress-host/0.1.0/artifacthub-pkg.yaml new file mode 100644 index 00000000..d5d68282 --- /dev/null +++ b/.integration/artifacthub/disallow-empty-ingress-host/0.1.0/artifacthub-pkg.yaml 
@@ -0,0 +1,25 @@ +version: 0.1.0 +name: disallow-empty-ingress-host +displayName: disallow-empty-ingress-host +createdAt: "2023-11-12T06:49:14Z" +description: '`disallow-empty-ingress-host` is a KCL validation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `disallow-empty-ingress-host` with tag `0.1.0` as dependency + ``` + kpm add disallow-empty-ingress-host:0.1.0 + ``` + + #### Pull `disallow-empty-ingress-host` with tag `0.1.0` to local + ``` + kpm pull disallow-empty-ingress-host:0.1.0 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/disallow-helm-tiller/0.1.0/README.md b/.integration/artifacthub/disallow-helm-tiller/0.1.0/README.md new file mode 100644 index 00000000..8a2373cd --- /dev/null +++ b/.integration/artifacthub/disallow-helm-tiller/0.1.0/README.md @@ -0,0 +1,7 @@ +## Introduction + +`disallow-helm-tiller` is a KCL validation module" + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/disallow-helm-tiller) diff --git a/.integration/artifacthub/disallow-helm-tiller/0.1.0/artifacthub-pkg.yaml b/.integration/artifacthub/disallow-helm-tiller/0.1.0/artifacthub-pkg.yaml new file mode 100644 index 00000000..2613c6d2 --- /dev/null +++ b/.integration/artifacthub/disallow-helm-tiller/0.1.0/artifacthub-pkg.yaml 
@@ -0,0 +1,25 @@ +version: 0.1.0 +name: disallow-helm-tiller +displayName: disallow-helm-tiller +createdAt: "2023-11-12T06:49:16Z" +description: '`disallow-helm-tiller` is a KCL validation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `disallow-helm-tiller` with tag `0.1.0` as dependency + ``` + kpm add disallow-helm-tiller:0.1.0 + ``` + + #### Pull `disallow-helm-tiller` with tag `0.1.0` to local + ``` + kpm pull disallow-helm-tiller:0.1.0 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/disallow-image-repos/0.1.0/README.md b/.integration/artifacthub/disallow-image-repos/0.1.0/README.md new file mode 100644 index 00000000..8a3efd53 --- /dev/null +++ b/.integration/artifacthub/disallow-image-repos/0.1.0/README.md @@ -0,0 +1,5 @@ +## Introduction + +## Resource + +Code source and document is [here](https://github.com/kcl-lang/artifacthub/tree/main/disallow-image-repos) diff --git a/.integration/artifacthub/disallow-image-repos/0.1.0/artifacthub-pkg.yaml b/.integration/artifacthub/disallow-image-repos/0.1.0/artifacthub-pkg.yaml new file mode 100644 index 00000000..5b00a81e --- /dev/null +++ b/.integration/artifacthub/disallow-image-repos/0.1.0/artifacthub-pkg.yaml 
@@ -0,0 +1,25 @@ +version: 0.1.0 +name: disallow-image-repos +displayName: disallow-image-repos +createdAt: "2023-11-12T06:49:19Z" +description: '`disallow-image-repos` is a kcl validation package' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `disallow-image-repos` with tag `0.1.0` as dependency + ``` + kpm add disallow-image-repos:0.1.0 + ``` + + #### Pull `disallow-image-repos` with tag `0.1.0` to local + ``` + kpm pull disallow-image-repos:0.1.0 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io diff --git a/.integration/artifacthub/disallow-latest-tag/0.1.0/README.md b/.integration/artifacthub/disallow-latest-tag/0.1.0/README.md new file mode 100644 index 00000000..4fa0c219 --- /dev/null +++ b/.integration/artifacthub/disallow-latest-tag/0.1.0/README.md @@ -0,0 +1,7 @@ +## Introduction + +`disallow-latest-tag` is a KCL validation module" + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/disallow-latest-tag) diff --git a/.integration/artifacthub/disallow-latest-tag/0.1.0/artifacthub-pkg.yaml b/.integration/artifacthub/disallow-latest-tag/0.1.0/artifacthub-pkg.yaml new file mode 100644 index 00000000..6f39297b --- /dev/null +++ b/.integration/artifacthub/disallow-latest-tag/0.1.0/artifacthub-pkg.yaml 
@@ -0,0 +1,25 @@ +version: 0.1.0 +name: disallow-latest-tag +displayName: disallow-latest-tag +createdAt: "2023-11-12T06:49:21Z" +description: '`disallow-latest-tag` is a KCL validation module' +links: +- name: KCL homepage + url: https://kcl-lang.io/ +- name: KCL repo + url: https://github.com/kcl-lang/kcl +install: | + #### Add `disallow-latest-tag` with tag `0.1.0` as dependency + ``` + kpm add disallow-latest-tag:0.1.0 + ``` + + #### Pull `disallow-latest-tag` with tag `0.1.0` to local + ``` + kpm pull disallow-latest-tag:0.1.0 + ``` +maintainers: +- name: kcl-lang.io + email: kcl-lang.io@domainsbyproxy.com +provider: + name: kcl-lang.io