小 白蛋
Datree
Commit 88820031 (Unverified)
Authored 3 years ago by hadar-co
Committed by GitHub 3 years ago
feat: add pass/fail yamls for nsa rules (#532)
* docs: add pass/fail yamls for nsa rules
parent
35a08d80
Changes: 19 changed files, with 394 additions and 1 deletion

pkg/policy/nsaHardeningRules/nsaHardeningRules.yaml +1 -1
pkg/policy/nsaHardeningRules/tests/45-fail.yaml +57 -0
pkg/policy/nsaHardeningRules/tests/45-pass.yaml +65 -0
pkg/policy/nsaHardeningRules/tests/46-fail.yaml +16 -0
pkg/policy/nsaHardeningRules/tests/46-pass.yaml +13 -0
pkg/policy/nsaHardeningRules/tests/47-fail.yaml +14 -0
pkg/policy/nsaHardeningRules/tests/47-pass.yaml +16 -0
pkg/policy/nsaHardeningRules/tests/48-fail.yaml +9 -0
pkg/policy/nsaHardeningRules/tests/48-pass.yaml +9 -0
pkg/policy/nsaHardeningRules/tests/49-fail.yaml +11 -0
pkg/policy/nsaHardeningRules/tests/49-pass.yaml +11 -0
pkg/policy/nsaHardeningRules/tests/50-fail.yaml +11 -0
pkg/policy/nsaHardeningRules/tests/50-pass.yaml +10 -0
pkg/policy/nsaHardeningRules/tests/51-fail.yaml +11 -0
pkg/policy/nsaHardeningRules/tests/51-pass.yaml +11 -0
pkg/policy/nsaHardeningRules/tests/52-fail.yaml +59 -0
pkg/policy/nsaHardeningRules/tests/52-pass.yaml +61 -0
pkg/policy/nsaHardeningRules/tests/53-fail.yaml +4 -0
pkg/policy/nsaHardeningRules/tests/53-pass.yaml +5 -0
pkg/policy/nsaHardeningRules.yaml
→
pkg/policy/nsaHardeningRules
/nsaHardeningRules
.yaml
+
1
-
1
View file @
88820031
...
...
@@ -298,7 +298,7 @@
const
:
true
required
:
-
runAsNonRoot
a
ny
Of
:
a
ll
Of
:
-
$ref
:
"
#/definitions/containerSecurityPattern"
-
$ref
:
"
#/definitions/podSecurityContextPattern"
additionalProperties
:
...
...
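Review bot: The combinator edit on the anyOf/allOf line above the two $ref entries changes which manifests this rule accepts, yet the commit message only mentions adding pass/fail YAMLs. Please call the schema change out in the message or split it into its own commit. The new 52-pass.yaml and 52-fail.yaml set runAsNonRoot only under the container securityContext, so if they are meant to exercise this rule, a fixture that sets it under the pod-level spec.securityContext would show how containerSecurityPattern and podSecurityContextPattern combine after the change.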
pkg/policy/nsaHardeningRules/tests/45-fail.yaml
0 → 100644
+
57
-
0
View file @
88820031
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
example-depl
namespace
:
exmpl
labels
:
environment
:
prod
app
:
web
spec
:
replicas
:
2
selector
:
matchLabels
:
app
:
web
template
:
metadata
:
namespace
:
exmpl
labels
:
app
:
web
spec
:
containers
:
-
name
:
front-end
image
:
nginx:latest
readinessProbe
:
tcpSocket
:
port
:
8080
initialDelaySeconds
:
5
periodSeconds
:
10
resources
:
requests
:
cpu
:
"
64m"
limits
:
cpu
:
"
500m"
ports
:
-
containerPort
:
80
-
name
:
rss-reader
image
:
datree/nginx@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
livenessProbe
:
httpGet
:
path
:
/healthz
port
:
8080
httpHeaders
:
-
name
:
Custom-Header
value
:
Awesome
readinessProbe
:
tcpSocket
:
port
:
8080
initialDelaySeconds
:
5
periodSeconds
:
10
resources
:
requests
:
cpu
:
"
64m"
memory
:
"
128Mi"
limits
:
memory
:
"
128Mi"
cpu
:
"
500m"
ports
:
-
containerPort
:
88
pkg/policy/nsaHardeningRules/tests/45-pass.yaml
0 → 100644
+
65
-
0
View file @
88820031
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
example-depl
namespace
:
exmpl
labels
:
environment
:
prod
app
:
web
on-call
:
yoda-at-datree.io
spec
:
replicas
:
2
selector
:
matchLabels
:
app
:
web
template
:
metadata
:
namespace
:
exmpl
labels
:
app
:
web
spec
:
restartPolicy
:
Always
containers
:
-
name
:
front-end
image
:
nginx@sha256:0a564e80a3156f2cc825d1720f303d59bd521da19bcbd01316870e1313ecbd23
securityContext
:
readOnlyRootFilesystem
:
true
runAsUser
:
810
readinessProbe
:
tcpSocket
:
port
:
8080
initialDelaySeconds
:
5
periodSeconds
:
10
resources
:
requests
:
memory
:
"
64Mi"
cpu
:
"
64m"
limits
:
cpu
:
"
500m"
ports
:
-
containerPort
:
80
-
name
:
rss-reader
image
:
datree/nginx@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
securityContext
:
readOnlyRootFilesystem
:
true
livenessProbe
:
httpGet
:
path
:
/healthz
port
:
8080
httpHeaders
:
-
name
:
Custom-Header
value
:
Awesome
readinessProbe
:
tcpSocket
:
port
:
8080
initialDelaySeconds
:
5
periodSeconds
:
10
resources
:
requests
:
cpu
:
"
64m"
memory
:
"
128Mi"
limits
:
memory
:
"
128Mi"
cpu
:
"
500m"
ports
:
-
containerPort
:
88
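Review bot: 45-pass.yaml differs from 45-fail.yaml in several unrelated fields at once: the on-call label, restartPolicy: Always, a digest-pinned front-end image, runAsUser: 810, a memory request on front-end, and readOnlyRootFilesystem: true on both containers. With that many differences the pair does not show which field the rule keys on. Keep the two files identical apart from the field under test, and add a top-of-file comment naming the rule.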
pkg/policy/nsaHardeningRules/tests/46-fail.yaml
0 → 100644
+
16
-
0
View file @
88820031
apiVersion
:
v1
kind
:
Pod
metadata
:
name
:
test-pd
spec
:
containers
:
-
image
:
k8s.gcr.io/test-webserver
name
:
test-container
volumeMounts
:
-
mountPath
:
/test-pd
name
:
test-volume
volumes
:
-
name
:
test-volume
hostPath
:
path
:
/data
type
:
Directory
pkg/policy/nsaHardeningRules/tests/46-pass.yaml
0 → 100644
+
13
-
0
View file @
88820031
apiVersion
:
v1
kind
:
Pod
metadata
:
name
:
test-pd
spec
:
containers
:
-
image
:
k8s.gcr.io/test-webserver
name
:
test-container
volumeMounts
:
-
mountPath
:
/test-pd
name
:
test-volume
volumes
:
-
name
:
test-volume
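Review bot: The volumes entry at the end of the file has only name: test-volume and no volume source, so the API server would reject this Pod even though the policy check passes. Give it a non-host source such as emptyDir: {} so the passing fixture is a deployable manifest and differs from 46-fail.yaml only in the absence of hostPath.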
pkg/policy/nsaHardeningRules/tests/47-fail.yaml
0 → 100644
+
14
-
0
View file @
88820031
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
nginx-deployment
spec
:
selector
:
matchLabels
:
app
:
nginx
replicas
:
1
template
:
spec
:
containers
:
-
name
:
nginx
image
:
nginx:latest
pkg/policy/nsaHardeningRules/tests/47-pass.yaml
0 → 100644
+
16
-
0
View file @
88820031
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
nginx-deployment
spec
:
replicas
:
1
selector
:
matchLabels
:
app
:
nginx
template
:
spec
:
containers
:
-
name
:
nginx
image
:
nginx:latest
securityContext
:
allowPrivilegeEscalation
:
false
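Review bot: spec.template has no metadata.labels, while spec.selector.matchLabels requires app: nginx, so this Deployment would be rejected on apply; 47-fail.yaml has the same gap. Add the label to the template in both files. It would also help to keep replicas and selector in the same order in the two files, so that the only difference between them is the securityContext block.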
pkg/policy/nsaHardeningRules/tests/48-fail.yaml
0 → 100644
+
9
-
0
View file @
88820031
kind
:
Role
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
namespace
:
default
name
:
pod-exec
rules
:
-
apiGroups
:
[
"
"
]
resources
:
[
"
pods/exec"
]
verbs
:
[
"
"
]
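Review bot: The failing case covers only a namespaced Role whose resources list names pods/exec literally. Consider adding fail fixtures for a ClusterRole and for a wildcard resources entry, so the tests show whether the rule flags those too, and add a comment at the top saying which rule the file is for.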
pkg/policy/nsaHardeningRules/tests/48-pass.yaml
0 → 100644
+
9
-
0
View file @
88820031
kind
:
Role
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
namespace
:
default
name
:
pod-exec
rules
:
-
apiGroups
:
[
"
"
]
resources
:
[
"
pods"
]
verbs
:
[
"
"
]
pkg/policy/nsaHardeningRules/tests/49-fail.yaml
0 → 100644
+
11
-
0
View file @
88820031
apiVersion
:
v1
kind
:
Pod
metadata
:
name
:
security-context-demo-4
spec
:
containers
:
-
name
:
sec-ctx-4
image
:
gcr.io/google-samples/node-hello:1.0
securityContext
:
capabilities
:
add
:
[
"
NET_ADMIN"
,
"
SYS_TIME"
]
pkg/policy/nsaHardeningRules/tests/49-pass.yaml
0 → 100644
+
11
-
0
View file @
88820031
apiVersion
:
v1
kind
:
Pod
metadata
:
name
:
security-context-demo-4
spec
:
containers
:
-
name
:
sec-ctx-4
image
:
gcr.io/google-samples/node-hello:1.0
securityContext
:
capabilities
:
add
:
[
"
SYS_TIME"
]
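Review bot: securityContext.capabilities.add still contains SYS_TIME in the passing fixture, so the file that documents a compliant Pod grants a capability that lets the container set the system clock. If the rule is meant to allow SYS_TIME, say so in a comment; otherwise use a passing fixture with no add list (or with drop: ["ALL"]) so it is safe to copy.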
pkg/policy/nsaHardeningRules/tests/50-fail.yaml
0 → 100644
+
11
-
0
View file @
88820031
apiVersion
:
v1
kind
:
Pod
metadata
:
name
:
myPod
spec
:
containers
:
-
name
:
container
image
:
node
ports
:
-
containerPort
:
80
hostPort
:
8080
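Review bot: metadata.name: myPod contains an uppercase letter, which Kubernetes object names do not allow, so this fixture would be rejected before hostPort is ever considered. Use a lowercase name such as my-pod here and in 50-pass.yaml; the 51 fixtures (myPod, myContainer) and the 53 fixtures (srvAcc) have the same problem.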
pkg/policy/nsaHardeningRules/tests/50-pass.yaml
0 → 100644
+
10
-
0
View file @
88820031
apiVersion
:
v1
kind
:
Pod
metadata
:
name
:
myPod
spec
:
containers
:
-
name
:
container
image
:
node
ports
:
-
containerPort
:
80
pkg/policy/nsaHardeningRules/tests/51-fail.yaml
0 → 100644
+
11
-
0
View file @
88820031
apiVersion
:
v1
kind
:
Pod
metadata
:
name
:
myPod
spec
:
securityContext
:
runAsUser
:
2000
runAsGroup
:
200
containers
:
-
name
:
myContainer
image
:
node
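Review bot: The only difference from 51-pass.yaml is runAsGroup: 200 versus 2000, so a low runAsUser is never tested and neither value sits near the rule's threshold. Add a fixture with a low runAsUser, one with values just either side of the threshold, and one that sets the IDs under the container securityContext rather than at pod level.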
pkg/policy/nsaHardeningRules/tests/51-pass.yaml
0 → 100644
+
11
-
0
View file @
88820031
apiVersion
:
v1
kind
:
Pod
metadata
:
name
:
myPod
spec
:
securityContext
:
runAsUser
:
2000
runAsGroup
:
2000
containers
:
-
name
:
myContainer
image
:
node
pkg/policy/nsaHardeningRules/tests/52-fail.yaml
0 → 100644
+
59
-
0
View file @
88820031
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
example-depl
namespace
:
exmpl
labels
:
environment
:
prod
app
:
web
spec
:
replicas
:
2
selector
:
matchLabels
:
app
:
web
template
:
metadata
:
namespace
:
exmpl
labels
:
app
:
web
spec
:
containers
:
-
name
:
front-end
image
:
nginx:latest
readinessProbe
:
tcpSocket
:
port
:
8080
initialDelaySeconds
:
5
periodSeconds
:
10
resources
:
requests
:
cpu
:
"
64m"
limits
:
cpu
:
"
500m"
ports
:
-
containerPort
:
80
-
name
:
rss-reader
image
:
datree/nginx@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
securityContext
:
runAsNonRoot
:
true
livenessProbe
:
httpGet
:
path
:
/healthz
port
:
8080
httpHeaders
:
-
name
:
Custom-Header
value
:
Awesome
readinessProbe
:
tcpSocket
:
port
:
8080
initialDelaySeconds
:
5
periodSeconds
:
10
resources
:
requests
:
cpu
:
"
64m"
memory
:
"
128Mi"
limits
:
memory
:
"
128Mi"
cpu
:
"
500m"
ports
:
-
containerPort
:
88
pkg/policy/nsaHardeningRules/tests/52-pass.yaml
0 → 100644
+
61
-
0
View file @
88820031
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
example-depl
namespace
:
exmpl
labels
:
environment
:
prod
app
:
web
spec
:
replicas
:
2
selector
:
matchLabels
:
app
:
web
template
:
metadata
:
namespace
:
exmpl
labels
:
app
:
web
spec
:
containers
:
-
name
:
front-end
image
:
nginx:latest
securityContext
:
runAsNonRoot
:
true
readinessProbe
:
tcpSocket
:
port
:
8080
initialDelaySeconds
:
5
periodSeconds
:
10
resources
:
requests
:
cpu
:
"
64m"
limits
:
cpu
:
"
500m"
ports
:
-
containerPort
:
80
-
name
:
rss-reader
image
:
datree/nginx@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
securityContext
:
runAsNonRoot
:
true
livenessProbe
:
httpGet
:
path
:
/healthz
port
:
8080
httpHeaders
:
-
name
:
Custom-Header
value
:
Awesome
readinessProbe
:
tcpSocket
:
port
:
8080
initialDelaySeconds
:
5
periodSeconds
:
10
resources
:
requests
:
cpu
:
"
64m"
memory
:
"
128Mi"
limits
:
memory
:
"
128Mi"
cpu
:
"
500m"
ports
:
-
containerPort
:
88
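Review bot: The front-end container sets runAsNonRoot: true on nginx:latest without a runAsUser. The stock nginx image runs as root, so the kubelet would refuse to start this container even though the policy check passes. Since these files double as documentation, add a non-zero runAsUser or use an image that runs unprivileged.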
pkg/policy/nsaHardeningRules/tests/53-fail.yaml
0 → 100644
+
4
-
0
View file @
88820031
apiVersion
:
v1
kind
:
ServiceAccount
metadata
:
name
:
srvAcc
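Review bot: The failing case covers only a ServiceAccount where automountServiceAccountToken is absent. Add a fixture with the field set explicitly to true, and note in a comment that a Pod-level automountServiceAccountToken overrides the ServiceAccount setting, so this rule on its own does not cover Pods that opt back in.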
pkg/policy/nsaHardeningRules/tests/53-pass.yaml
0 → 100644
+
5
-
0
View file @
88820031
apiVersion
:
v1
kind
:
ServiceAccount
metadata
:
name
:
srvAcc
automountServiceAccountToken
:
false