https://github.com/np-guard/baseline-rules
A package to handle the reading and processing of baseline rules
kubernetes policies
- Host: GitHub
- URL: https://github.com/np-guard/baseline-rules
- Owner: np-guard
- License: apache-2.0
- Created: 2021-06-01T13:30:53.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2023-12-26T06:48:21.000Z (almost 2 years ago)
- Last Synced: 2025-02-06T12:11:59.075Z (8 months ago)
- Topics: kubernetes, policies
- Language: Python
- Size: 66.4 KB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# baseline-rules
A package to handle the reading and processing of baseline rules (corporate policies).
A baseline-rule file is a YAML file containing a list of Rule objects, and each object has the following (optional) properties.

|Property |Description |Type |Default|
|-----------|----------------|------|-------|
|name |Rule name. Must match the requirements of [K8s DNS Subdomain Names](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names)|string|`no-name`|
|description|Rule description|string|`''`|
|action |Whether to allow or deny the specified connections. Either `allow` or `deny`|string|`allow`|
|from |Connections source. Either a [K8s set-based requirement](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#set-based-requirement) or a [CIDR](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#ipblock-v1-networking-k8s-io)|string|`null` (all sources)|
|to |Connections destination. Either a [K8s set-based requirement](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#set-based-requirement) or a [CIDR](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#ipblock-v1-networking-k8s-io)|string|`null` (all destinations)|
|from_ns |Source Namespaces. A [K8s set-based requirement](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#set-based-requirement)|string|`null` (all source namespaces)|
|to_ns |Destination Namespaces. A [K8s set-based requirement](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#set-based-requirement)|string|`null` (all destination namespaces)|
|protocol |Connections protocol. Must be [supported by K8s](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#networkpolicyport-v1-networking-k8s-io).|string|`null` (all protocols)|
|port_min |Minimal connections port. Must be in range [1, 65535]|int|`null` (no minimal port)|
|port_max |Maximal connections port. Must be in range [1, 65535]|int|`null` (no maximal port)|

Examples are available in the [examples directory](https://github.com/np-guard/baseline-rules/tree/master/examples).
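Because every property is optional and `action` defaults to `allow`, a rule file is worth linting before it is treated as policy. The checker below is an added example, not code from the baseline-rules package: `check_rule`, `endpoint_kind` and the sample rules are hypothetical names and constructed data, and rejecting unknown keys and requiring `port_min <= port_max` are assumptions of this example rather than documented behaviour.

```python
import ipaddress
import re

# Defaults as listed in the property table above.
DEFAULTS = {"name": "no-name", "description": "", "action": "allow", "from": None,
            "to": None, "from_ns": None, "to_ns": None, "protocol": None,
            "port_min": None, "port_max": None}
PROTOCOLS = {"TCP", "UDP", "SCTP"}  # protocols accepted by K8s NetworkPolicyPort
LABEL = r"[a-z0-9]([-a-z0-9]*[a-z0-9])?"
DNS_SUBDOMAIN = re.compile(rf"{LABEL}(\.{LABEL})*")  # K8s DNS subdomain name


def endpoint_kind(value):
    """Classify a from/to value as 'any', 'cidr' or 'selector'."""
    if value is None:
        return "any"
    try:
        ipaddress.ip_network(value, strict=False)
        return "cidr"
    except ValueError:
        return "selector"  # assumed to be a set-based requirement; not parsed here


def check_rule(raw):
    """Return (rule_with_defaults, problems) for one parsed Rule object."""
    problems = [f"unknown property: {k}" for k in raw if k not in DEFAULTS]
    rule = {**DEFAULTS, **{k: v for k, v in raw.items() if k in DEFAULTS}}
    name = str(rule["name"])
    if len(name) > 253 or not DNS_SUBDOMAIN.fullmatch(name):
        problems.append("name is not a DNS subdomain name")
    if rule["action"] not in ("allow", "deny"):
        problems.append("action must be allow or deny")
    if rule["protocol"] is not None and rule["protocol"] not in PROTOCOLS:
        problems.append("protocol not supported by K8s")
    for key in ("port_min", "port_max"):
        port = rule[key]
        if port is not None and not (isinstance(port, int) and 1 <= port <= 65535):
            problems.append(f"{key} must be an int in [1, 65535]")
    lo, hi = rule["port_min"], rule["port_max"]
    if isinstance(lo, int) and isinstance(hi, int) and lo > hi:
        problems.append("port_min exceeds port_max")  # assumption, not from the page
    return rule, problems


# Constructed sample: what yaml.safe_load would return for a two-rule file.
SAMPLE = [
    {"name": "block-legacy-net", "acton": "deny", "to": "10.20.0.0/16"},
    {"name": "Bad_Name", "action": "deny", "from": "app in (web)",
     "protocol": "TCP", "port_min": 9000, "port_max": 80},
]
```

In the first sample rule the misspelled `acton` key is reported and the effective action is the `allow` default, which is the case the unknown-key check exists to surface.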