11 files changed +144 -123 lines changed
Original file line number Diff line number Diff line change
1
+ apiVersion : rds.services.k8s.aws/v1alpha1
2
+ kind : DBInstance
3
+ metadata :
4
+ name : rds-should-be-encrypted-0
5
+ labels :
6
+ mycompany.com/policy-version : " 1.0.0"
7
+ spec :
8
+ allocatedStorage :
9
+ autoMinorVersionUpgrade : true
10
+ backupRetentionPeriod : 7
11
+ dbInstanceClass :
12
+ dbInstanceIdentifier :
13
+ dbName : demo
14
+ dbSubnetGroupName :
15
+ enablePerformanceInsights : true
16
+ engine : postgres
17
+ engineVersion : " 13"
18
+ masterUsername :
19
+ masterUserPassword :
20
+ namespace :
21
+ name : demo-postgres-creds
22
+ key : password
23
+ multiAZ : true
24
+ publiclyAccessible : false
25
+ storageEncrypted : false
26
+ storageType : gp2
27
+ vpcSecurityGroupIDs :
28
+ - EKS_VPC_ID
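Review bot: the placeholder `EKS_VPC_ID` under `vpcSecurityGroupIDs` is misleading, since that field takes security group IDs rather than a VPC ID; a name such as `SECURITY_GROUP_ID` avoids confusion when someone copies these fixtures into a real manifest. A one-line YAML comment saying this fixture is the explicit `storageEncrypted: false` case would also make the `fail` expectation readable without opening the test file.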
Original file line number Diff line number Diff line change
1
+ apiVersion : rds.services.k8s.aws/v1alpha1
2
+ kind : DBInstance
3
+ metadata :
4
+ name : rds-should-be-encrypted-1
5
+ labels :
6
+ mycompany.com/policy-version : " 1.0.0"
7
+ spec :
8
+ allocatedStorage :
9
+ autoMinorVersionUpgrade : true
10
+ backupRetentionPeriod : 7
11
+ dbInstanceClass :
12
+ dbInstanceIdentifier :
13
+ dbName : demo
14
+ dbSubnetGroupName :
15
+ enablePerformanceInsights : true
16
+ engine : postgres
17
+ engineVersion : " 13"
18
+ masterUsername :
19
+ masterUserPassword :
20
+ namespace :
21
+ name : demo-postgres-creds
22
+ key : password
23
+ multiAZ : true
24
+ publiclyAccessible : false
25
+ storageType : gp2
26
+ vpcSecurityGroupIDs :
27
+ - EKS_VPC_ID
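Review bot: this fixture differs from `rds-should-be-encrypted-0` only by omitting `storageEncrypted`, and nothing marks the omission as deliberate; add a comment stating that the absent key is the case under test (a Kyverno `pattern` of `storageEncrypted: true` fails when the key is missing, so `fail` is the right expectation), otherwise a future reader may "fix" it as a copy-paste slip. The `EKS_VPC_ID` naming point from the first fixture applies here as well.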
Original file line number Diff line number Diff line change
1
+ apiVersion : rds.services.k8s.aws/v1alpha1
2
+ kind : DBInstance
3
+ metadata :
4
+ name : rds-should-be-encrypted-2
5
+ labels :
6
+ mycompany.com/policy-version : " 1.0.0"
7
+ spec :
8
+ allocatedStorage :
9
+ autoMinorVersionUpgrade : true
10
+ backupRetentionPeriod : 7
11
+ dbInstanceClass :
12
+ dbInstanceIdentifier :
13
+ dbName : demo
14
+ dbSubnetGroupName :
15
+ enablePerformanceInsights : true
16
+ engine : postgres
17
+ engineVersion : " 13"
18
+ masterUsername :
19
+ masterUserPassword :
20
+ namespace :
21
+ name : demo-postgres-creds
22
+ key : password
23
+ multiAZ : true
24
+ publiclyAccessible : false
25
+ storageEncrypted : true
26
+ storageType : gp2
27
+ vpcSecurityGroupIDs :
28
+ - EKS_VPC_ID
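Review bot: this is the only passing case, and all three fixtures carry the `mycompany.com/policy-version: "1.0.0"` label that the policy's selector requires, so nothing exercises the selector itself. Add a fixture without that label (ideally one that also has `storageEncrypted: false`) with an expected `skip` result, so the test pins down that the selector, not the pattern, decides whether a resource is evaluated at all.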
Original file line number Diff line number Diff line change
1
+ apiVersion : kyverno.io/v1
2
+ kind : ClusterPolicy
3
+ metadata :
4
+ name : rds-should-be-encrypted
5
+ annotations :
6
+ policies.kyverno.io/title : RDS should be encrypted
7
+ policies.kyverno.io/category : Example Org Policy
8
+ policies.kyverno.io/severity : medium
9
+ policies.kyverno.io/subject : Label
10
+ pod-policies.kyverno.io/autogen-controllers : none
11
+ spec :
12
+ validationFailureAction : enforce
13
+ background : false
14
+ rules :
15
+ - name : rds-should-be-encrypted
16
+ exclude :
17
+ any :
18
+ - resources :
19
+ namespaces :
20
+ - kube-system
21
+ match :
22
+ all :
23
+ - resources :
24
+ namespaces :
25
+ - " *?"
26
+ kinds :
27
+ - " DBInstance"
28
+ selector :
29
+ matchLabels :
30
+ mycompany.com/policy-version : " 1.0.0"
31
+ validate :
32
+ message : " RDS volumes must be encrypted."
33
+ pattern :
34
+ spec :
35
+ storageEncrypted : true
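Review bot: the `selector.matchLabels` on `mycompany.com/policy-version` in `match` makes enforcement opt-in: a `DBInstance` created without that label, or with any other version string, is never evaluated, so an unencrypted instance is admitted despite `validationFailureAction: enforce`. If the label is meant to version the policy rather than gate it, drop the selector from `match` and keep the version in the policy's own metadata labels. Related: `background: false` means already-existing unencrypted instances never appear in policy reports; since the rule uses no admission-only variables, `background: true` would surface them. Smaller points: `namespaces: - "*?"` is an unusual glob, plain `"*"` (or no namespace matcher, since the rule is cluster-wide) is the conventional form; `policies.kyverno.io/subject` should name `DBInstance`, not `Label`; and the `exclude` of `kube-system` is unlikely to matter for an ACK RDS resource.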
Original file line number Diff line number Diff line change
1
+
2
+ name : tests
3
+
4
+ policies :
5
+ - policy.yaml
6
+ resources :
7
+ - fail0.yaml
8
+ - fail1.yaml
9
+ - pass0.yaml
10
+
11
+ results :
12
+ - policy : rds-should-be-encrypted
13
+ rule : rds-should-be-encrypted
14
+ resource : rds-should-be-encrypted-0
15
+ kind : DBInstance
16
+ result : fail
17
+ - policy : rds-should-be-encrypted
18
+ rule : rds-should-be-encrypted
19
+ resource : rds-should-be-encrypted-1
20
+ kind : DBInstance
21
+ result : fail
22
+ - policy : rds-should-be-encrypted
23
+ rule : rds-should-be-encrypted
24
+ resource : rds-should-be-encrypted-2
25
+ kind : DBInstance
26
+ result : pass
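Review bot: the file opens with a blank line and carries no `apiVersion`/`kind` header; current Kyverno CLI releases expect `apiVersion: cli.kyverno.io/v1alpha1` and `kind: Test` at the top of the test file, so add them (and drop the leading blank line) for forward compatibility. The expectations themselves are consistent with the fixtures: explicit `false` and absent `storageEncrypted` both `fail`, explicit `true` passes.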
Six further files were deleted in this commit (their diffs are not shown on the page).