UNCLASSIFIED - NO CUI

Re-evaluate test-values.yaml

Re-evaluate the current test-values.yaml in both Big Bang and within the package.

Check for duplicate configurations that are already configured within the values itself and remove them. Add additional testing if needed.

URL: https://repo1.dso.mil/big-bang/product/packages/kyverno-policies

Default Values URL: https://repo1.dso.mil/big-bang/product/packages/kyverno-policies/-/raw/main/chart/values.yaml

Package Test Values URL: https://repo1.dso.mil/big-bang/product/packages/kyverno-policies/-/raw/main/tests/test-values.yaml

Duplicates found in kyvernoPolicies for Package Test Values:
# Ironbank images are rebuilt nightly and tags are not immutable = # Ironbank images are rebuilt nightly and tags are not immutable
policies.disallow-host-namespaces.enabled  =  true
policies.disallow-nodeport-services.enabled  =  true
policies.disallow-pod-exec.enabled  =  false
policies.disallow-privilege-escalation.enabled  =  true
policies.disallow-privileged-containers.enabled  =  true
policies.require-drop-all-capabilities.enabled  =  true
policies.require-image-signature.enabled  =  true
policies.require-image-signature.parameters.require.0.attestors.0.count  =  1
policies.require-image-signature.parameters.require.0.attestors.0.entries.0.keys.rekor.ignoreTlog  =  true
policies.require-image-signature.parameters.require.0.attestors.0.entries.0.keys.rekor.url  =
policies.require-image-signature.parameters.require.0.mutateDigest  =  false
policies.require-image-signature.parameters.require.0.verifyDigest  =  false
policies.require-labels.enabled  =  true
policies.require-non-root-group.enabled  =  true
policies.require-non-root-user.enabled  =  true
policies.restrict-apparmor.enabled  =  true
policies.restrict-capabilities.enabled  =  true
policies.restrict-external-ips.enabled  =  true
policies.restrict-external-names.enabled  =  true
policies.restrict-host-path-mount-pv.enabled  =  true
policies.restrict-host-path-mount.enabled  =  true
policies.restrict-host-path-write.enabled  =  true
policies.restrict-host-ports.enabled  =  true
policies.restrict-image-registries.enabled  =  true
policies.restrict-proc-mount.enabled  =  true
policies.restrict-seccomp.enabled  =  true
policies.restrict-selinux-type.enabled  =  true
policies.restrict-sysctls.enabled  =  true
policies.restrict-volume-types.enabled  =  true
policies.update-image-pull-policy.parameters.update.0.to  =  Always
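
One way to produce a duplicate list in the dotted-path form shown above, and to strip the redundant overrides, is sketched below. This is an added example, not the Big Bang project's own tooling; the sample dictionaries are constructed stand-ins for the parsed YAML files, and `hypotheticalKey` is an invented key used only to show a real override.

```python
# Added example: sample data below is constructed, not the chart's real files.
def flatten(node, prefix=""):
    """Yield (dotted.path, leaf) pairs; list items are addressed by index."""
    if isinstance(node, dict) and node:
        for key, child in node.items():
            yield from flatten(child, f"{prefix}.{key}" if prefix else str(key))
    elif isinstance(node, list) and node:
        for i, child in enumerate(node):
            yield from flatten(child, f"{prefix}.{i}" if prefix else str(i))
    else:
        yield prefix, node

def duplicates(defaults, overrides):
    """Leaf paths in overrides whose value already equals the default."""
    base = dict(flatten(defaults))
    return {p: v for p, v in flatten(overrides) if p in base and base[p] == v}

def prune(defaults, overrides):
    """Drop redundant overrides. Helm deep-merges maps but replaces lists
    wholesale, so a list is removed only when it equals the default list."""
    kept = {}
    for key, val in overrides.items():
        default = defaults.get(key)
        if isinstance(val, dict) and isinstance(default, dict):
            sub = prune(default, val)
            if sub:
                kept[key] = sub
        elif key not in defaults or val != default:
            kept[key] = val
    return kept

SIG = {"mutateDigest": False, "verifyDigest": False}
DEFAULTS = {"policies": {
    "disallow-pod-exec": {"enabled": False},
    "restrict-seccomp": {"enabled": True},
    "require-image-signature": {"enabled": True, "parameters": {"require": [SIG]}},
}}
TEST_VALUES = {"policies": {
    "disallow-pod-exec": {"enabled": False},            # same as default
    "restrict-seccomp": {"enabled": True, "hypotheticalKey": "x"},
    "require-image-signature": {"parameters": {
        "require": [dict(SIG, hypotheticalKey="x")]}},  # list differs as a whole
}}

if __name__ == "__main__":
    for path, value in duplicates(DEFAULTS, TEST_VALUES).items():
        print(f"{path}  =  {value}")
    print(prune(DEFAULTS, TEST_VALUES))
```

A per-index match inside a list (such as `require.0.verifyDigest`) is reported as a duplicate but is only safe to delete when the entire list matches the default, which is why `prune` treats lists atomically.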