akillibulut
/
porter
зеркало из https://github.com/porter-dev/porter


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159
							web:
  kind: "helm_release"
  match:
    chart_name: "web"
  policies:
  - path: "./policies/web/web_version.rego"
    name: "web.version"
nginx:
  kind: "helm_release"
  match:
    name: nginx-ingress
    namespace: ingress-nginx
  mustExist: true
  policies:
  - path: "./policies/nginx/nginx_version.rego"
    name: "nginx.version"
  - path: "./policies/nginx/nginx_topology_spread_constraints.rego"
    name: "nginx.topology_spread_constraints"
  - path: "./policies/nginx/memory_limits.rego"
    name: "nginx.memory_limits"
  - path: "./policies/nginx/wait_shutdown.rego"
    name: "nginx.wait_shutdown"
cert-manager:
  kind: "helm_release"
  match:
    name: cert-manager
    namespace: cert-manager
  mustExist: true
  policies:
  - path: "./policies/cert-manager/cert_manager_version.rego"
    name: "cert_manager.version"
  - path: "./policies/cert-manager/cainjector_memory_limits.rego"
    name: "cert_manager.cainjector_memory_limits"
  - path: "./policies/cert-manager/controller_memory_limits.rego"
    name: "cert_manager.controller_memory_limits"
  - path: "./policies/cert-manager/webhook_memory_limits.rego"
    name: "cert_manager.webhook_memory_limits"
prometheus:
  kind: "helm_release"
  match:
    name: prometheus
    namespace: monitoring
  mustExist: true
  policies:
  - path: "./policies/prometheus/server_memory_limits.rego"
    name: "prometheus.server_memory_limits"
  - path: "./policies/prometheus/alertmanager_memory_limits.rego"
    name: "prometheus.alertmanager_memory_limits"
  - path: "./policies/prometheus/kubestatemetrics_memory_limits.rego"
    name: "prometheus.kubestatemetrics_memory_limits"
  - path: "./policies/prometheus/pushgateway_memory_limits.rego"
    name: "prometheus.pushgateway_memory_limits"
  - path: "./policies/prometheus/nodeexporter_memory_limits.rego"
    name: "prometheus.nodeexporter_memory_limits"
  - path: "./policies/prometheus/prometheus_version.rego"
    name: "prometheus.version"
nginx_pod:
  kind: "pod"
  overrideSeverity: "critical"
  match:
    namespace: ingress-nginx
    labels:
      app.kubernetes.io/component: "controller"
      app.kubernetes.io/instance: "nginx-ingress"
      app.kubernetes.io/name: "ingress-nginx"
  policies:
  - path: "./policies/pod/running.rego"
    name: "pod.running"
prometheus_server_pod:
  kind: "pod"
  match:
    namespace: monitoring
    labels:
      app: "prometheus"
      component: "server"
      release: "prometheus"
  policies:
  - path: "./policies/pod/running.rego"
    name: "pod.running"
prometheus_alertmanager_pod:
  kind: "pod"
  match:
    namespace: monitoring
    labels:
      app: "prometheus"
      component: "alertmanager"
      release: "prometheus"
  policies:
  - path: "./policies/pod/running.rego"
    name: "pod.running"
porter_agent_pod:
  kind: "pod"
  match:
    namespace: porter-agent-system
    labels:
      control-plane: "controller-manager"
  policies:
  - path: "./policies/pod/running.rego"
    name: "pod.running"
porter_agent_loki_pod:
  kind: "pod"
  match:
    namespace: porter-agent-system
    labels:
      app: "loki"
      name: "porter-agent-loki"
  policies:
  - path: "./policies/pod/running.rego"
    name: "pod.running"
porter_agent_promtail_daemonset:
  kind: "daemonset"
  match:
    namespace: porter-agent-system
    labels:
      app.kubernetes.io/instance: "porter-agent"
      app.kubernetes.io/name: "promtail"
  policies:
  - path: "./policies/daemonset/running.rego"
    name: "daemonset.running"
certificates:
  kind: "crd_list"
  match:
    group: cert-manager.io
    version: v1
    resource: certificates
  policies:
  - path: "./policies/certificates/expiry_two_weeks.rego"
    name: "certificates.expiry_two_weeks"
  - path: "./policies/certificates/expired.rego"
    name: "certificates.expired"
node:
  kind: "crd_list"
  match:
    group: core
    version: v1
    resource: nodes
  policies:
  - path: "./policies/node/k8s_version.rego"
    name: "node.k8s_version"
  - path: "./policies/node/porter_run_taints.rego"
    name: "node.porter_run_taints"
  - path: "./policies/node/porter_run_labels.rego"
    name: "node.porter_run_labels"
  - path: "./policies/node/healthy.rego"
    name: "node.healthy"
descheduler:
  kind: "helm_release"
  match:
    name: descheduler
    namespace: kube-system
  mustExist: true
  policies: []
vpa:
  kind: "helm_release"
  match:
    name: vpa
    namespace: kube-system
  mustExist: true
  policies: []