https://github.com/developer-guy/oci-kyverno

A demonstration of pulling/pushing and signing/verifying Kyverno policies by storing them on OCI registries
https://github.com/developer-guy/oci-kyverno

crane docker go kyverno oci oci-artifacts oci-image registry

Last synced: 7 months ago
JSON representation

A demonstration of pulling/pushing and signing/verifying Kyverno policies by storing them on OCI registries

• Host: GitHub
• URL: https://github.com/developer-guy/oci-kyverno
• Owner: developer-guy
• Created: 2022-03-08T08:43:37.000Z (over 3 years ago)
• Default Branch: master
• Last Pushed: 2022-10-14T12:17:26.000Z (almost 3 years ago)
• Last Synced: 2025-02-26T19:52:37.011Z (8 months ago)
• Topics: crane, docker, go, kyverno, oci, oci-artifacts, oci-image, registry
• Language: Go
• Homepage:
• Size: 46.9 KB
• Stars: 5
• Watchers: 3
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Prerequisites

* crane 

* docker

* go

* jq

# Usage

```shell

$ docker run -d -p 5000:5000 --restart=always --name registry registry:2

$ go run main.go disallow-capabilities.yaml localhost:5000/disallow-capabilities:latest

Uploading Kyverno policy file [disallow-capabilities.yaml] to [localhost:5000/disallow-capabilities:latest] with mediaType [application/vnd.cncf.kyverno.policy.layer.v1+yaml].

Kyverno policy file [disallow-capabilities.yaml] successfully uploaded to [localhost:5000/disallow-capabilities:latest]

$ crane manifest localhost:5000/disallow-capabilities:latest | jq 

{

  "schemaVersion": 2,

  "config": {

    "mediaType": "application/vnd.cncf.kyverno.config.v1+json",

    "size": 233,

    "digest": "sha256:d924710ff69c27353cee743d00226e7b1bd461b6df16943d983738e5264dfb3d"

  },

  "layers": [

    {

      "mediaType": "application/vnd.cncf.kyverno.policy.layer.v1+yaml",

      "size": 1551,

      "digest": "sha256:5b6075facc39bd992695f2c44285ae78165cf1497539b49168da4698a16cbfe7"

    }

  ],

  "annotations": {

    "kyverno.io/kubernetes-version": "1.22-1.23",

    "kyverno.io/kyverno-version": "1.6.0",

    "policies.kyverno.io/category": "Pod Security Standards (Baseline)",

    "policies.kyverno.io/description": "Adding capabilities beyond those listed in the policy must be disallowed.",

    "policies.kyverno.io/minversion": "1.6.0",

    "policies.kyverno.io/severity": "medium",

    "policies.kyverno.io/subject": "Pod",

    "policies.kyverno.io/title": "Disallow Capabilities"

  }

}

```