Merge branch 'gitlab-registry-kyverno' into 'master'

Add Kyverno Exception for Gitlab Certs SKIP UPGRADE See merge request platform-one/big-bang/bigbang!1522

Merge branch 'gitlab-registry-kyverno' into 'master'
10233141 · Ryan Garcia · 87cfa3fd · 781733fe · 10233141
Commit 10233141 authored 3 years ago by Ryan Garcia
--- a/chart/templates/kyverno/policies/values.yaml
+++ b/chart/templates/kyverno/policies/values.yaml
@@ -99,6 +99,30 @@ policies:
          # values from a readOnly projected volume holding secrets/configmap items, into the shared
          # volume.  The shared volume is mounted with subpaths pointing to specific files in the container.
          - gitlab-migrations*
+          # Volume `etc-ssl-certs` is an emptyDir mounted read/write in initContainer `certificates`
+          # It is also mounted in the container `registry` using a subPath, making it open to the
+          # vulnerability. The initContainer uses a shell script, stored in a configmap, to copies
+          # values from a readOnly projected volume holding secrets/configmap items, into the shared
+          # volume. The shared volume is mounted with subpaths pointing to specific files in the container.
+          - gitlab-registry*
+          # Volume `etc-ssl-certs` is an emptyDir mounted read/write in initContainer `certificates`
+          # It is also mounted in the container `gitlab-exporter` using a subPath, making it open to the
+          # vulnerability. The initContainer uses a shell script, stored in a configmap, to copies
+          # values from a readOnly projected volume holding secrets/configmap items, into the shared
+          # volume. The shared volume is mounted with subpaths pointing to specific files in the container.
+          - gitlab-gitlab-exporter*
+          # Volume `etc-ssl-certs` is an emptyDir mounted read/write in initContainer `certificates`
+          # It is also mounted in the container `gitlab-shell` using a subPath, making it open to the
+          # vulnerability. The initContainer uses a shell script, stored in a configmap, to copies
+          # values from a readOnly projected volume holding secrets/configmap items, into the shared
+          # volume. The shared volume is mounted with subpaths pointing to specific files in the container.
+          - gitlab-gitlab-shell*
+          # Volume `etc-ssl-certs` is an emptyDir mounted read/write in initContainer `certificates`
+          # It is also mounted in the container `gitaly` using a subPath, making it open to the
+          # vulnerability. The initContainer uses a shell script, stored in a configmap, to copies
+          # values from a readOnly projected volume holding secrets/configmap items, into the shared
+          # volume. The shared volume is mounted with subpaths pointing to specific files in the container.
+          - gitlab-gitaly*
      {{- end }}
  {{- end }}

@@ -440,4 +464,4 @@ policies:
    {{- end -}}
  {{- end -}}
 {{ toYaml $overlays }}
-{{- end }}
\ No newline at end of file
+{{- end }}