-
Notifications
You must be signed in to change notification settings - Fork 20
/
vendir.yml
116 lines (114 loc) · 4.46 KB
/
vendir.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
apiVersion: vendir.k14s.io/v1alpha1
kind: Config
minimumRequiredVersion: 0.26.0
directories:
- path: carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/kyverno/upstream
contents:
- path: "."
githubRelease:
slug: kyverno/kyverno
tag: v1.11.5
assetNames:
- install.yaml
disableAutoChecksumValidation: true
includePaths:
- install.yaml
- path: carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/kyverno-restricted/upstream
contents:
- path: "."
git:
url: https://github.com/kyverno/policies
ref: origin/release-1.11
includePaths:
- "pod-security/restricted/**"
excludePaths:
- "**/kustomization.yaml"
- "**/kyverno-test.yaml"
- "**/0*.yaml"
- "**/9*.yaml"
- "**/pod*.yaml"
- "**/resource.yaml"
- "**/artifacthub-pkg.yml"
- "**/.chainsaw-test"
- "**/.kyverno-test"
- path: carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/kyverno-baseline/upstream
contents:
- path: "."
git:
url: https://github.com/kyverno/policies
ref: origin/release-1.11
includePaths:
- "pod-security/baseline/**"
excludePaths:
- "**/kustomization.yaml"
- "**/kyverno-test.yaml"
- "**/0*.yaml"
- "**/9*.yaml"
- "**/pod*.yaml"
- "**/resource.yaml"
- "**/artifacthub-pkg.yml"
- "**/.chainsaw-test"
- "**/.kyverno-test"
- path: carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/kyverno-policies/upstream
contents:
- path: "."
git:
url: https://github.com/kyverno/policies
ref: origin/release-1.11
includePaths:
- "best-practices/disallow-empty-ingress-host/disallow-empty-ingress-host.yaml"
- "best-practices/disallow-cri-sock-mount/disallow-cri-sock-mount.yaml"
- "best-practices/restrict-service-external-ips/restrict-service-external-ips.yaml"
- "best-practices/restrict-node-port/restrict-node-port.yaml"
- "nginx-ingress/disallow-ingress-nginx-custom-snippets/disallow-ingress-nginx-custom-snippets.yaml"
- "nginx-ingress/restrict-annotations/restrict-annotations.yaml"
- "nginx-ingress/restrict-ingress-paths/restrict-ingress-paths.yaml"
- "other/b-d/disallow-localhost-services/disallow-localhost-services.yaml"
- "other/m-q/prevent-cr8escape/prevent-cr8escape.yaml"
#! - "other/res/restrict-ingress-defaultbackend/restrict-ingress-defaultbackend.yaml"
- "other/res/restrict-loadbalancer/restrict-loadbalancer.yaml"
#! - "other/s-z/unique-ingress-host-and-path/unique-ingress-host-and-path.yaml"
- path: carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/cert-manager/upstream
contents:
- path: .
githubRelease:
slug: cert-manager/cert-manager
tag: v1.14.7
disableAutoChecksumValidation: true
includePaths:
- cert-manager.yaml
#! Note that we download Contour twice, once for use in Educates package and
#! once for use by the virtual clusters code in session-manager. Make sure the
#! version is updated on both and operation of both use cases checked.
- path: carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/contour/upstream
contents:
- path: .
git:
url: https://github.com/projectcontour/contour
ref: v1.28.5
newRootPath: examples/contour
- path: session-manager/packages/contour/upstream
contents:
- path: .
git:
url: https://github.com/projectcontour/contour
ref: v1.28.5
newRootPath: examples/contour
- path: carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/external-dns/upstream
contents:
- path: .
git:
url: https://github.com/kubernetes-sigs/external-dns
ref: v0.14.2
includePaths:
- kustomize/external-dns-*
newRootPath: kustomize
- path: carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/kapp-controller/upstream
contents:
- path: .
githubRelease:
slug: carvel-dev/kapp-controller
tag: v0.52.0
disableAutoChecksumValidation: true
includePaths:
- release.yml