Merge pull request #953 from michaelkotelnikov/contribfest-policy-fix

Fixed sample policies to include more container types
kyverno · May 15, 2024 · 7949c9e · 7949c9e
2 parents ffb9a0b + 3425709
commit 7949c9e
Show file tree

Hide file tree

Showing 8 changed files with 9 additions and 9 deletions.
diff --git a/other/add-default-resources/add-default-resources.yaml b/other/add-default-resources/add-default-resources.yaml
@@ -34,7 +34,7 @@ spec:
         - UPDATE
     mutate:
       foreach:
-      - list: "request.object.spec.containers[]"
+      - list: "request.object.spec.[ephemeralContainers, initContainers, containers][]"
         patchStrategicMerge:
           spec:
             containers:

diff --git a/other/add-default-resources/artifacthub-pkg.yml b/other/add-default-resources/artifacthub-pkg.yml
@@ -19,4 +19,4 @@ annotations:
   kyverno/category: "Other"
   kyverno/kubernetesVersion: "1.26"
   kyverno/subject: "Pod"
-digest: 215f880a62b2c2e7627321623a22037af3f89e3e740372f02a40214da8163d79
+digest: 24a5a9e9a4ee1e83ab00bb85718a70ed0cd00d28506dbc1192ab3901bd0a6bcf
diff --git a/other/allowed-base-images/allowed-base-images.yaml b/other/allowed-base-images/allowed-base-images.yaml
@@ -41,7 +41,7 @@ spec:
         This container image's base is not in the approved list or is not specified. Only pre-approved
         base images may be used. Please contact the platform team for assistance.
       foreach:
-      - list: "request.object.spec.containers"
+      - list: "request.object.spec.[ephemeralContainers, initContainers, containers][]"
         context:
         - name: imageData
           imageRegistry: 

diff --git a/other/allowed-base-images/artifacthub-pkg.yml b/other/allowed-base-images/artifacthub-pkg.yml
@@ -19,4 +19,4 @@ annotations:
   kyverno/category: "Other"
   kyverno/kubernetesVersion: "1.23"
   kyverno/subject: "Pod"
-digest: a0edbf4ddfa0a06c5334133357219b22af4272fc46a30489d9181e29fb38d014
+digest: be54e5cb7e03c6e7d786da1836612a228299b22d60443f8288420d6089372232
diff --git a/psp-migration/add-apparmor/add-apparmor.yaml b/psp-migration/add-apparmor/add-apparmor.yaml
@@ -34,7 +34,7 @@ spec:
           - UPDATE
     mutate:
       foreach:
-      - list: request.object.spec.containers[]
+      - list: request.object.spec.[ephemeralContainers, initContainers, containers][]
         patchStrategicMerge:
           metadata:
             annotations:

diff --git a/psp-migration/add-apparmor/artifacthub-pkg.yml b/psp-migration/add-apparmor/artifacthub-pkg.yml
@@ -19,4 +19,4 @@ annotations:
   kyverno/category: "PSP Migration"
   kyverno/kubernetesVersion: "1.24"
   kyverno/subject: "Pod,Annotation"
-digest: 082461dca2f21839c429ac792fa4c8cb7a6a86639580345e124e541bf595332d
+digest: 0bb624dce200ace9730d9ddf85c5aca5f1fcf61759412a672155e176f24d9ac7
diff --git a/psp-migration/add-capabilities/add-capabilities.yaml b/psp-migration/add-capabilities/add-capabilities.yaml
@@ -32,7 +32,7 @@ spec:
           - UPDATE
     mutate:
       foreach:
-      - list: request.object.spec.containers[]
+      - list: request.object.spec.[ephemeralContainers, initContainers, containers][]
         preconditions:
           all:
           - key: SETFCAP
@@ -42,7 +42,7 @@ spec:
           - path: /spec/containers/{{elementIndex}}/securityContext/capabilities/add/-
             op: add
             value: SETFCAP
-      - list: request.object.spec.containers[]
+      - list: request.object.spec.[ephemeralContainers, initContainers, containers][]
         preconditions:
           all:
           - key: SETUID

diff --git a/psp-migration/add-capabilities/artifacthub-pkg.yml b/psp-migration/add-capabilities/artifacthub-pkg.yml
@@ -19,4 +19,4 @@ annotations:
   kyverno/category: "PSP Migration"
   kyverno/kubernetesVersion: "1.24"
   kyverno/subject: "Pod"
-digest: 5f25e343611f412f21608223ee89a3684280045469ce1053bc7a3418ee57a1c4
+digest: 59ac7efa86868c57372662bbb60ed75ca0af8255df05cfebee2d2c8809f1ce2d