Skip to content
/ oci-kyverno Public

A demonstration of pulling/pushing and signing/verifying Kyverno policies by storing them on OCI registries

5 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

developer-guy/oci-kyverno

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.gitignore
.gitignore
 
 
README.md
README.md
 
 
disallow-capabilities.yaml
disallow-capabilities.yaml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Prerequisites

  • crane
  • docker
  • go
  • jq

Usage

$ docker run -d -p 5000:5000 --restart=always --name registry registry:2

$ go run main.go disallow-capabilities.yaml localhost:5000/disallow-capabilities:latest
Uploading Kyverno policy file [disallow-capabilities.yaml] to [localhost:5000/disallow-capabilities:latest] with mediaType [application/vnd.cncf.kyverno.policy.layer.v1+yaml].
Kyverno policy file [disallow-capabilities.yaml] successfully uploaded to [localhost:5000/disallow-capabilities:latest]

$ crane manifest localhost:5000/disallow-capabilities:latest | jq 
{
  "schemaVersion": 2,
  "config": {
    "mediaType": "application/vnd.cncf.kyverno.config.v1+json",
    "size": 233,
    "digest": "sha256:d924710ff69c27353cee743d00226e7b1bd461b6df16943d983738e5264dfb3d"
  },
  "layers": [
    {
      "mediaType": "application/vnd.cncf.kyverno.policy.layer.v1+yaml",
      "size": 1551,
      "digest": "sha256:5b6075facc39bd992695f2c44285ae78165cf1497539b49168da4698a16cbfe7"
    }
  ],
  "annotations": {
    "kyverno.io/kubernetes-version": "1.22-1.23",
    "kyverno.io/kyverno-version": "1.6.0",
    "policies.kyverno.io/category": "Pod Security Standards (Baseline)",
    "policies.kyverno.io/description": "Adding capabilities beyond those listed in the policy must be disallowed.",
    "policies.kyverno.io/minversion": "1.6.0",
    "policies.kyverno.io/severity": "medium",
    "policies.kyverno.io/subject": "Pod",
    "policies.kyverno.io/title": "Disallow Capabilities"
  }
}

About

A demonstration of pulling/pushing and signing/verifying Kyverno policies by storing them on OCI registries

Topics

go docker registry oci oci-image crane oci-artifacts kyverno

Resources

Readme
Activity

Stars

5 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages