Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: block-kubectl-cp policy #1216

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

feat: block-kubectl-cp policy #1216

wants to merge 4 commits into from

Conversation

Darkhood148
Copy link

@Darkhood148 Darkhood148 commented Jan 11, 2025
edited
Loading

Related Issue(s)

#1169

Description

Created a policy for the mentioned issue i.e. a policy that can block kubectl cp for pods with a given label

Checklist

  • I have read the policy contribution guidelines.
  • I have added test manifests and resources covering both positive and negative tests that prove this policy works as intended.
  • I have added the artifacthub-pkg.yml file and have verified it is complete and correct.

@Darkhood148
feat: block-kubectl-cp-by-pod-label policy
971c1fa 
Signed-off-by: Darkhood148 <ujjwal.sharma9999999@gmail.com>
@Darkhood148
Adds artifacthub-pkg.yml
15ef878 
Signed-off-by: Darkhood148 <ujjwal.sharma9999999@gmail.com>
@Darkhood148 Darkhood148 force-pushed the block-kubectl-cp-policy branch from ddfa426 to 15ef878 Compare January 11, 2025 15:05
@Darkhood148
Copy link
Author

Hey @JimBugwadia, I am done with all the changes including chainsaw tests. Could you please review it?

@Darkhood148 Darkhood148 force-pushed the block-kubectl-cp-policy branch from d945dab to d37184c Compare January 22, 2025 02:31
@Darkhood148
Adds chainsaw tests
748dbb4 
Signed-off-by: Darkhood148 <ujjwal.sharma9999999@gmail.com>
@Darkhood148 Darkhood148 force-pushed the block-kubectl-cp-policy branch from d37184c to 748dbb4 Compare January 22, 2025 02:32
@JimBugwadia
Copy link
Member

Hi @Darkhood148 - can you please fix the lint error?

https://github.com/kyverno/policies/actions/runs/12899995348/job/36452593199?pr=1216

You will need to re-run the artifacthub ID generator to incorporate changes:

https://github.com/kyverno/policies/blob/main/.hack/update-artifacthub-pkg.sh

Also, do we need the label check in this policy? I recommend simplifying by removing this. Users can opt-out via exceptions, etc. which seems better from a security perspective.

@Darkhood148 Darkhood148 changed the title feat: block-kubectl-cp-by-pod-label policy feat: block-kubectl-cp policy Feb 3, 2025
@Darkhood148 Darkhood148 force-pushed the block-kubectl-cp-policy branch 4 times, most recently from fbd3c98 to 59142b3 Compare February 3, 2025 21:29
@Darkhood148
Linting changes
12b6514 
Signed-off-by: Darkhood148 <ujjwal.sharma9999999@gmail.com>
@Darkhood148 Darkhood148 force-pushed the block-kubectl-cp-policy branch from 59142b3 to 12b6514 Compare February 3, 2025 21:33
@Darkhood148
Copy link
Author

Hi @JimBugwadia I have done the linting changes and removed the usage of labels. Could you please review the updates?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Darkhood148 @JimBugwadia