forked from vmware-tanzu-labs/educates-training-platform
/
vendir.yml
93 lines (76 loc) · 2.97 KB
/
vendir.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
apiVersion: vendir.k14s.io/v1alpha1
kind: Config
minimumRequiredVersion: 0.26.0
directories:
- path: carvel-packages/cluster-essentials/bundle/config/_ytt_lib/metacontroller/_ytt_lib/upstream
contents:
- path: "."
git:
url: https://github.com/metacontroller/metacontroller
ref: refs/tags/v4.2.0
includePaths:
- "manifests/production/**"
excludePaths:
- "**/manifests/production/kustomization.yaml"
newRootPath: manifests/production
- path: carvel-packages/cluster-essentials/bundle/config/_ytt_lib/kyverno/_ytt_lib/upstream
contents:
- path: "."
githubRelease:
slug: kyverno/kyverno
tag: v1.9.2
assetNames:
- install.yaml
disableAutoChecksumValidation: true
includePaths:
- install.yaml
- path: carvel-packages/cluster-essentials/bundle/config/_ytt_lib/contour/_ytt_lib/upstream
contents:
- path: "."
git:
url: https://github.com/vmware-tanzu/community-edition
ref: origin/main
newRootPath: addons/packages/contour/1.22.3/bundle/config
- path: carvel-packages/training-platform/bundle/config/_ytt_lib/kyverno-restricted/_ytt_lib/upstream
contents:
- path: "."
git:
url: https://github.com/kyverno/policies
ref: origin/release-1.9
includePaths:
- "pod-security/restricted/**"
excludePaths:
- "**/kustomization.yaml"
- "**/kyverno-test.yaml"
- "**/resource.yaml"
- path: carvel-packages/training-platform/bundle/config/_ytt_lib/kyverno-baseline/_ytt_lib/upstream
contents:
- path: "."
git:
url: https://github.com/kyverno/policies
ref: origin/release-1.9
includePaths:
- "pod-security/baseline/**"
excludePaths:
- "**/kustomization.yaml"
- "**/kyverno-test.yaml"
- "**/resource.yaml"
- path: carvel-packages/training-platform/bundle/config/_ytt_lib/kyverno-policies/_ytt_lib/upstream
contents:
- path: "."
git:
url: https://github.com/kyverno/policies
ref: origin/release-1.7
includePaths:
- "best-practices/disallow-empty-ingress-host/disallow_empty_ingress_host.yaml"
- "best-practices/disallow_cri_sock_mount/disallow_cri_sock_mount.yaml"
- "best-practices/restrict-service-external-ips/restrict-service-external-ips.yaml"
- "best-practices/restrict_node_port/restrict_node_port.yaml"
- "nginx-ingress/nginx-custom-snippets/disallow-custom-snippets.yaml"
- "nginx-ingress/nginx_annotation_checks/restrict-annotations.yaml"
- "nginx-ingress/nginx_path_checks/restrict-path.yaml"
- "other/disallow_localhost_services/disallow_localhost_services.yaml"
- "other/prevent-cr8escape/prevent-cr8escape.yaml"
- "other/restrict_ingress_defaultbackend/restrict_ingress_defaultbackend.yaml"
- "other/restrict_loadbalancer/restrict_loadbalancer.yaml"
- "other/unique-ingress-host-and-path/unique-ingress-host-and-path.yaml"