This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| customRules: | |
| my-rules.yaml: |- | |
| - macro: greetings | |
| condition: > | |
| proc.name = cowsay | |
| - rule: Try to say use cowsay in Container | |
| desc: Detect use of greetings command in container | |
| condition: > | |
| spawned_process and | |
| container and |
fredleger
/ gist:f599e058374721ebfae23c942e991da3
Created
September 27, 2024 16:20
helm lock chalenge
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # infos: | |
| # https://github.com/helm/helm/blob/3a3e3846ca9c929a6966583b461181e70f19bc13/internal/resolver/resolver.go#L215 | |
| # https://github.com/helm/helm/blob/983d5c26f805cc5cc29d3c27e8749e140f85b940/internal/resolver/resolver_test.go#L184 | |
| # req: '{Name: "alpine", Version: 0.1.0, Repository: "http://localhost:8879/charts"}' | |
| # lock: '{Name: "alpine", Version: 0.1.0, Repository: "http://localhost:8879/charts"}' | |
| # function: data, err := json.Marshal([2][]*chart.Dependency{req, lock}) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Variables | |
| NAMESPACE=$1 # The target namespace (passed as the first argument) | |
| SECRET_NAME=$2 # The imagePullSecret to remove (passed as the second argument) | |
| BACKUP_DIR="sa_backup" # Base directory to store backups | |
| DRY_RUN=$3 # Enable dry-run mode (passed as the third argument: "dry-run") | |
| # Function to check prerequisites | |
| function check_prerequisites() { |
fredleger
/ mutate-rancher-secrets-webhookconfiguration.yaml
Created
August 18, 2025 12:20
— forked from rverchere/mutate-rancher-secrets-webhookconfiguration.yaml
Kyverno ClusterPolicy Rancher Secrets Webhookconfiguration
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: kyverno.io/v1 | |
| kind: ClusterPolicy | |
| metadata: | |
| name: mutate-rancher-secrets-webhookconfiguration | |
| annotations: | |
| policies.kyverno.io/title: Filter Rancher secrets WebhookConfiguration | |
| policies.kyverno.io/description: >- | |
| Filter Rancher WebhookConfiguration to match secrets not in the `kube-system` namespace | |
| spec: | |
| mutateExistingOnPolicyUpdate: true |
OlderNewer