mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 07:21:36 +01:00
56 lines
1.7 KiB
YAML
56 lines
1.7 KiB
YAML
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
---
|
|
pod:
|
|
- name: "require-tag-and-digest"
|
|
rule: "require-tag-and-digest"
|
|
type: "required"
|
|
- name: "disallow-default-serviceaccount"
|
|
rule: "require-sa"
|
|
type: "required"
|
|
- name: "require-imagepullsecrets"
|
|
rule: "require-imagepullsecrets"
|
|
type: "required"
|
|
- name: "disallow-latest-tag"
|
|
rule: "validate-image-tag"
|
|
type: "required"
|
|
- name: "require-imagepullpolicy-always"
|
|
rule: "require-imagepullpolicy-always"
|
|
type: "required"
|
|
- name: "require-health-and-liveness-check"
|
|
rule: "require-health-and-liveness-check"
|
|
type: "required"
|
|
excludeKinds:
|
|
- "Job"
|
|
- name: "require-requests-limits"
|
|
rule: "validate-resources"
|
|
type: "required"
|
|
- name: "restrict-image-registries"
|
|
rule: "validate-registries"
|
|
type: "required"
|
|
- name: "require-containersecuritycontext"
|
|
rule: "require-ro-rootfs"
|
|
type: "optional"
|
|
- name: "require-containersecuritycontext"
|
|
rule: "require-no-privilege-escalation"
|
|
type: "optional"
|
|
- name: "require-containersecuritycontext"
|
|
rule: "require-all-capabilities-dropped"
|
|
type: "optional"
|
|
- name: "require-containersecuritycontext"
|
|
rule: "require-no-privileged"
|
|
type: "optional"
|
|
- name: "require-containersecuritycontext"
|
|
rule: "require-run-as-user"
|
|
type: "optional"
|
|
- name: "require-containersecuritycontext"
|
|
rule: "require-run-as-group"
|
|
type: "optional"
|
|
- name: "require-containersecuritycontext"
|
|
rule: "require-seccomp-profile"
|
|
type: "required"
|
|
- name: "require-containersecuritycontext"
|
|
rule: "require-run-as-non-root"
|
|
type: "optional"
|
|
...
|