datree updates

marcel-dempers 2023-01-14 09:14:40 +11:00
parent 93fef37b6e
commit d271b80901
8 changed files with 830 additions and 85 deletions

33
.github/cicd.yaml vendored

@ -1,33 +0,0 @@
on:
workflow_dispatch:
push:
branches: [ datree-scoring ]
env:
DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}
jobs:
k8sPolicyCheck:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
- name: run datree policy check
uses: datreeio/action-datree@main
with:
path: 'kubernetes/datree/example/deployment.yaml'
cliArguments: '--only-k8s-files'
- name: docker login
env:
DOCKER_USER: ${{ secrets.DOCKER_USER }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: |
docker login -u $DOCKER_USER -p $DOCKER_PASSWORD
- name: build
run: |
docker build ./c# -t aimvector/csharp:1.0.0
- name: push
run: |
docker push aimvector/csharp:1.0.0
- name: deploy
run: |
echo 'deploying...'


@ -1,33 +0,0 @@
on:
workflow_dispatch:
push:
branches: [ datree-scoring ]
env:
DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}
jobs:
k8sPolicyCheck:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
- name: run datree policy check
uses: datreeio/action-datree@main
with:
path: 'kubernetes/datree/example/deployment.yaml'
cliArguments: '--only-k8s-files'
- name: docker login
env:
DOCKER_USER: ${{ secrets.DOCKER_USER }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: |
docker login -u $DOCKER_USER -p $DOCKER_PASSWORD
- name: build
run: |
docker build ./c# -t aimvector/csharp:1.0.0
- name: push
run: |
docker push aimvector/csharp:1.0.0
- name: deploy
run: |
echo 'deploying...'


@ -56,7 +56,7 @@ helm search repo datree-webhook --versions
Grab the manifest:
```
CHART_VERSION="0.3.22"
APP_VERSION="0.1.41"
APP_VERSION="0.1.46"
DATREE_TOKEN=""
mkdir ./kubernetes/datree/manifests/
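Review bot: APP_VERSION moves to "0.1.46" here while CHART_VERSION stays at "0.3.22", and in the commands this README shows, APP_VERSION is only used to name the output file (datree.${APP_VERSION}-enforce.yaml), not to select an image. The manifest added in this same commit still carries image "datree/admission-webhook:0.1.41" and version labels 0.1.41, so please confirm which app version chart 0.3.22 actually renders and either bump CHART_VERSION to match or keep APP_VERSION at the version that is really deployed.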
@ -85,13 +85,22 @@ kubectl -n datree get pods
## View our Cluster Score
Now with Datree installed in our cluster, we can review it's current scoring in the Datree [Dashboard](https://app.datree.io/overview) </br>
As we are running a test cluster or if you run in the cloud, there may be some cloud components in namespaces that you may want to ignore. </br>
We can do this by labeling a namespace which is [documented here](https://hub.datree.io/configuration/behavior#ignore-a-namespace)
We can do this by labeling a namespace which is [documented here](https://hub.datree.io/configuration/behavior#ignore-a-namespace) </br>
</p>
OR </br>
We can do this by using the [configuration file](https://hub.datree.io/configuration/behavior#ignore-a-namespace) for datree
```
# skip namespace using label
kubectl label namespaces local-path-storage "admission.datree/validate=skip"
# skip namespace using configmap
kubectl -n datree apply -f kubernetes/datree/configuration/config.yaml
kubectl rollout restart deployment -n datree
```
According to the dashboard, we still have a `D` score, let's rerun the scan:
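Review bot: `kubectl rollout restart deployment -n datree` restarts every deployment in the namespace; naming the target (the webhook deployment in the rendered manifest is datree-webhook-server) makes it clear which workload has to reload the skiplist. In the added prose, the `</p>` has no opening tag, and the "configuration file" link points at the same `#ignore-a-namespace` anchor as the label link, so it does not take the reader anywhere new. A sentence on the trade-off would help: the label is set on each namespace, while the ConfigMap keeps the skip list in one reviewable file.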
@ -142,15 +151,68 @@ kubectl get job "scan-job" -n datree -o json | jq 'del(.spec.selector)' | jq 'de
Now we can follow the dashboard, to check our `namespace` for policy issues and start fixing them. </br>
Datree has a ton of features and capabilities. </br>
We can even run it locally using the CLI
Summary of our fixes:
```
spec:
containers:
- name: wordpress
image: wordpress:5.9-apache
kind: Deployment
spec:
template:
spec:
containers:
- name: wordpress
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
resources:
limits:
memory: "500Mi"
requests:
memory: "500Mi"
spec:
containers:
- name: wordpress
livenessProbe:
httpGet:
path: /
port: 80
readinessProbe:
httpGet:
path: /
port: 80
kind: Deployment
spec:
template:
spec:
containers:
- name: wordpress
volumeMounts:
- mountPath: /tmp
name: temp
- mountPath: /var/run/apache2/
name: apache
volumes:
- emptyDir: {}
name: temp
- emptyDir: {}
name: apache
kubectl -n cms apply -f kubernetes/datree/example/cms/
```
## Datree CLI : Testing our YAML locally
We can install the latest version of Datree with the command advertised:
```
curl https://get.datree.io | /bin/bash
apk add unzip
curl https://get.datree.io | /bin/sh
```
### Policy check
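Review bot: the install line now pipes https://get.datree.io straight into /bin/sh, so whatever that URL serves at the time runs unreviewed with the user's privileges, and a truncated download can execute half a script. Suggest downloading to a file first, reading it (and pinning a release or checking a checksum if the project publishes one), then running it. `apk add unzip` assumes an Alpine environment, which the README should say. In the "Summary of our fixes" block the YAML fragments and the `kubectl -n cms apply` command share one fence with repeated `spec:` keys; one fence per fix, with the command in its own fence, would keep it readable and copy-pasteable.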
@ -158,7 +220,7 @@ curl https://get.datree.io | /bin/bash
Let's test my example manifests under our datree folder `kubernetes\datree\example`
```
datree test ./kubernetes/datree/example/cms/
datree test ./kubernetes/datree/example/cms/*.yaml
```
# CI/CD examples
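Review bot: `./kubernetes/datree/example/cms/*.yaml` only matches files ending in .yaml directly in that directory, so a manifest named .yml or placed in a subfolder is silently left out of the policy check. Worth a sentence saying why the directory form was replaced and what the glob does not cover. The prose path above the command still uses backslashes (`kubernetes\datree\example`) while the command uses forward slashes.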
@ -168,5 +230,32 @@ Once we have sorted out our policy issues, we can add Datree to our CI/CD pipeli
Checkout the [CI/CD integrations](https://hub.datree.io/cicd-examples) page. </br>
# Enforcing Policies
Configure Datree to enforce policies. </br>
We can use `helm upgrade` with the `--set` flag and set enforce to true like:
```
--set datree.enforce=true
```
Let's apply it to a new manifest and deploy it to our cluster:
```
helm template datree-webhook datree-webhook/datree-admission-webhook \
--create-namespace \
--set datree.enforce=true \
--set datree.token=${DATREE_TOKEN} \
--set datree.clusterName=$(kubectl config current-context) \
--version ${CHART_VERSION} \
--namespace datree \
> ./kubernetes/datree/manifests/datree.${APP_VERSION}-enforce.yaml
kubectl apply -n datree -f kubernetes/datree/manifests/datree.0.1.46-enforce.yaml
```
Try to apply our Wordpress MySQL which violates policies :
```
kubectl -n cms apply -f kubernetes/datree/example/cms/statefulset.yaml
```
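Review bot: `--set datree.token=${DATREE_TOKEN}` together with the redirect into ./kubernetes/datree/manifests/ writes the token in clear text into a file inside the repository tree, and the manifest added in this commit does contain a literal DATREE_TOKEN value. Suggest rendering to a git-ignored path, or scrubbing the token before committing and supplying it at apply time. The apply line hardcodes datree.0.1.46-enforce.yaml while the render line uses ${APP_VERSION}; use the variable in both so they cannot drift. The final step would also be clearer with the expected rejection message shown, so readers can tell that enforcement took effect.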


@ -0,0 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: webhook-scanning-filters
namespace: datree
data:
skiplist: |
- local-path-storage;(.*);(.*)


@ -16,7 +16,7 @@ spec:
spec:
containers:
- name: wordpress
image: aimvector/wordpress-example
image: wordpress
ports:
- containerPort: 80
env:
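Review bot: `image: wordpress` has no tag, so it resolves to latest and the deployed version changes whenever the upstream image is rebuilt. The README summary in this same commit uses `wordpress:5.9-apache`; use that tag (or a digest) here so the example and the documentation match and the result stays reproducible.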


@ -1,13 +1,9 @@
on:
workflow_dispatch:
push:
branches: [ datree ]
pull_request:
branches: [ datree ]
branches: [ datree-scoring ]
env:
DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}
jobs:
k8sPolicyCheck:
runs-on: ubuntu-latest
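Review bot: the `pull_request:` trigger is dropped and only pushes to `datree-scoring` (plus manual dispatch) run k8sPolicyCheck, so manifests proposed in a pull request are no longer checked before merge. If the policy check is meant to act as a gate, keep `pull_request:` with `branches: [ datree-scoring ]` alongside the push trigger.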


@ -0,0 +1,718 @@
---
# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: cluster-scan-job-service-account
namespace: datree
---
# Source: datree-admission-webhook/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: datree-webhook-server
namespace: datree
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
---
# Source: datree-admission-webhook/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: datree-label-namespaces-hook-post-install
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
---
# Source: datree-admission-webhook/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: datree-cleanup-namespaces-hook-pre-delete
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
---
# Source: datree-admission-webhook/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: datree-wait-server-ready-hook-post-install
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
---
# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: datree-ca-tls
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
namespace: datree
type: kubernetes.io/tls
data:
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBNHZiVnZJUzc0N1B2eFQyMER4amQ5ZFBUSGhJcWlYbUdlc1BEd2EwdFVoUFJPZjFLCm0yZ0Z4YjVpNkl5TEE2Zi81R00wT0xZVGVNc1pQSUlycytSMGpyZ016b1lXdWRZSlQ2ayttZmFyaGtlUGJ1NTcKWGg5NHBOamttTVhkOHNROS8rVkpoTnRNRFN0MjlkaHlOZ2o1am1Ea3NUNHRFUXF3aHcvOXZSRVlYYlJOazR4LwovMm5TMkdjdnhXVkU3WFlzZ3pNOVRXS3VqR01tQ2h1dXY3WEZweEtBbllRbDNPUUV2YUVQNC9rdmUyWFJsZStPCmNYbW16eXhMa29VMXNPQlRMclhqMU04V3pIRTNiMGtPcFdHV2toVjc3b0RJRlAwS1RXY29kVTN5V2JxaU9TM2UKajJmSGJlaXpmRXZsUWdsOStTdUwvNjdjK2RLTHBSbTJva0JSS1FJREFRQUJBb0lCQURkdVhZa3JTZEEwOUF4UwpJNVhFVndGZytLRFJndjRNWmlHNWlpZlZLY3B2K0p1WEZ3K1plajl2WGl5NWxvSVFGOWtwdVdsWVhxMFR2VmdmCjJwaVc1VGl1RHNLcDBRY1dGVFFWZTZxU3FoV2ppSTVwUkV3YWw1WjdPbWx0ZWVWK3REMjVQQmxzamNoeG94NHIKL01qaHJFRnZ2S3JsS3BDTThjd3F4YWZWY3dQL1BUdzFwUkVxRnpTRkxjamplK2xCNWZUWFdxV2RqMFpkQzdjQwpyVTVQNXZMZEVSRUZnU1dLY3FMd0RRL3MyclNqTEEzREdSSzJQa0hDblJ6cm52ZmIxNWVxNHhCQ253eTQ4WlByCnAzekxZV29BSXlMendObHNTdW5ETU01T1VjRE9wYk84a3RFVHZKZVErUGkvSVBpMXNHUUQ4MEdyS1NuazBkZHQKbWpBNWtXRUNnWUVBL3kxSm5KWUl1anExOGFsZGY4d0R6SWN4RVRLNUxIcW5ZRjhJZ2NLcDQ3WXdGK0d1c2c5cApia2lIdnBqY3pvNVVmZUNvMUhoSGw3L2NRUTIza2E0MW1aRnByYzhna0dINlFTd0h3RERHeHBjZXJRY2hOeVdpCkJPL2dYdC9nRUlSTWN6cE1IVTMrSTVBQm9uamZJUFdLTDVXYXFUellHV1FrZUU1cEVlRXEvUjBDZ1lFQTQ3SkEKTGxDSnZ6dFN0cE5DNXkrZTJkQ2NubG1NR014SVMxQXcwdFNZSVR1ajM2bnBVSEJ1cDBMTmdZZ2RBaDhwc05lYwo2N2ZDVHlucHFsN0tNQS90MEF1K250UWErYllOYmNHT1Y5SWZyL0F3K2VrRnZ6d2J4bm5kd1BSNnhicndIRmNxCkVpaWxKS0V5UXZ1dW9uVkZmSDBGNEtmdUtua2xubk5VQXkrQ2duMENnWUJpRktBa3BhNTVGalAwelNwNUFvdTcKUTROaW51SjU3RE1GWWNHOVRudEtZUzZmSDBtc2V5d0ZEYS9QWEtZU1pyYW5JNEVCR2JJNjY2M1crMVRCay9wYQpLb0E2SkZEWjdpN29lZW9JdnpiSUFqSHlRN2xLbnhabFcyWWNVV1NvTkpIR0FIUmRGeXRGdEFaTTByVEEwRi9xCjVrL3FHTTdmQTVUWkFScDFtdHlSS1FLQmdRQ2QrKy9NTXRWZ2Vpakp4U09HaE9RUy9VdXVFelBCZ1B3b1JWdWEKN1NjZzUrQ3NMNWhTMTYvdkhjcTVOVmZyUVBRTVg0M2hmMzZ5cnNJU0UvTDFwaGU3WW1yQWlTcXVXRUs1QkxOZQorOHhBcHNkVW52bjkxaGJ2ZjE3OW9xUU16Y2dMNGU2dTZzU3F4YTI2RENiL1VaOEU0VHBTeGpIYUJuU3puQkdPCnBFaEpnUUtCZ1FEb1NVNDJQbnl4djlOM2JMYmc1SE1
rTHp5cDVHdVhOVTdRZjN2dEw0TzB5M2gxcDN0N1c1QnEKM2tuTzI4SS8yR3hibTE5RllOdnlHMnpvaG5ReHFUR2dGTmx2aGMyKzMxaGRpMVZyZndGVENlbzNPbTRuWm04ZApBdEE0Z0x0aE55K3hDWHZieHZuT0x4WkU3UWh4aE1UdWkyYW4rY1I4L0xHdHNaNXc1R09jK2c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lRQTZSWVVlb1BUQzRuc2dOQ3JWQXZBekFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4TXpBeE1ESXdNbG9YRFRJNE1ERXhOREF4TURJd01sb3dNekV4TUM4R0ExVUVBeE1vCkwwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdGJ5QkRRVENDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT0wyMWJ5RXUrT3o3OFU5dEE4WTNmWFQweDRTS29sNQpobnJEdzhHdExWSVQwVG45U3B0b0JjVytZdWlNaXdPbi8rUmpORGkyRTNqTEdUeUNLN1BrZEk2NERNNkdGcm5XCkNVK3BQcG4ycTRaSGoyN3VlMTRmZUtUWTVKakYzZkxFUGYvbFNZVGJUQTByZHZYWWNqWUkrWTVnNUxFK0xSRUsKc0ljUC9iMFJHRjIwVFpPTWYvOXAwdGhuTDhWbFJPMTJMSU16UFUxaXJveGpKZ29icnIrMXhhY1NnSjJFSmR6awpCTDJoRCtQNUwzdGwwWlh2am5GNXBzOHNTNUtGTmJEZ1V5NjE0OVRQRnN4eE4yOUpEcVZobHBJVmUrNkF5QlQ5CkNrMW5LSFZOOGxtNm9qa3QzbzlueDIzb3MzeEw1VUlKZmZrcmkvK3UzUG5TaTZVWnRxSkFVU2tDQXdFQUFhTmgKTUY4d0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjRApBakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlFSU3FISWVWN3k5cGlDdDRYYXpNYjVIMEI0CnpEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFvblpOQ0NlU1lkSmZuTHhXWGM4T1pkcDJudWFxVUFEU2M0M0gKSFhsSzk5c3hlUWRZUEVyaGxLTHhyNmNaT0lXZTRjSVNVdnEzL3B1bktieCsva3FiQU5TRWhaQ1hkMjhIbWtoMgpIc0hXRjFlWkZDR0FEMDZ6TlJzUHNhTllIUHlyN3lGbmlTc0hOME81YUxWT2FDaVYzZHJCRmRReG5LemVrbnlkClVmaURNUExyazNveENCYnBpMlIyS3hQckU4T1hTcWtoem9RbzdtQys5M1dHdXJHckNyWnoyRUEyL0ZSdll6Uk8KVU43Q0haU1c1UGFRWGtIQlozTzFRTTZKdmhjdTNEM3VnZVhFN2d1NW5qYWVWL1hyWW04M09kUDBTY3AwSytsTwpOT1JNUmlGakJmcHliQ2NVR205THNEamF4UExEY2RHVnIrNWF6SVBNckx2VlhLdS9jZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
---
# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: webhook-server-tls
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
namespace: datree
annotations:
self-signed-cert: "true"
type: kubernetes.io/tls
data:
tls.key: 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
tls.crt: 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
---
# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cluster-scan-job-role
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "get"
- "list"
---
# Source: datree-admission-webhook/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: datree-webhook-server-read
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
rules:
- apiGroups:
- ""
resources:
- "nodes"
- "namespaces"
verbs:
- "get"
- "list"
---
# Source: datree-admission-webhook/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: datree-namespaces-update
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- update
- patch
resourceNames:
- kube-system
- datree
---
# Source: datree-admission-webhook/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: datree-validationwebhook-delete
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
rules:
- apiGroups:
- "admissionregistration.k8s.io"
resources:
- validatingwebhookconfigurations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
resourceNames:
- datree-webhook
---
# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cluster-scan-job-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-scan-job-role
subjects:
- kind: ServiceAccount
name: cluster-scan-job-service-account
namespace: datree
---
# Source: datree-admission-webhook/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: datree-webhook-server-read
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: datree-webhook-server-read # datree-webhook-server-read
subjects:
- kind: ServiceAccount
name: datree-webhook-server # datree-webhook-server
namespace: datree
---
# Source: datree-admission-webhook/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: datree-namespaces-update
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: datree-namespaces-update
subjects:
- kind: ServiceAccount
name: "datree-label-namespaces-hook-post-install"
namespace: "datree"
- kind: ServiceAccount
name: "datree-cleanup-namespaces-hook-pre-delete"
namespace: "datree"
---
# Source: datree-admission-webhook/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: datree-validationwebhook-delete
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: datree-validationwebhook-delete
subjects:
- kind: ServiceAccount
name: "datree-cleanup-namespaces-hook-pre-delete"
namespace: "datree"
---
# Source: datree-admission-webhook/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: datree-pods-reader
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
rules:
- apiGroups:
- ""
resources:
- "pods"
- "jobs"
verbs:
- "get"
- "list"
- "watch"
---
# Source: datree-admission-webhook/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: datree-pods-reader
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: datree-pods-reader
subjects:
- kind: ServiceAccount
name: datree-wait-server-ready-hook-post-install
namespace: "datree"
---
# Source: datree-admission-webhook/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: datree-webhook-server
namespace: datree
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
spec:
selector:
app: "datree-webhook-server"
ports:
- port: 443
targetPort: webhook-api
---
# Source: datree-admission-webhook/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: datree-webhook-server
namespace: datree
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
owner: datree
app: "datree-webhook-server"
spec:
replicas: 2
selector:
matchLabels:
app: "datree-webhook-server"
template:
metadata:
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
app: "datree-webhook-server"
spec:
serviceAccountName: datree-webhook-server
containers:
- name: server
# caution: don't change the order of the environment variables
# changing the order will harm resource patching
env:
- name: DATREE_TOKEN
value: "ef7088eb-3096-4533-97d8-f16fb3a5b0c1"
- name: DATREE_POLICY
value: Starter
- name: DATREE_VERBOSE
value: ""
- name: DATREE_OUTPUT
value: ""
- name: DATREE_NO_RECORD
value: ""
- name: DATREE_ENFORCE
value: "true"
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 25000
livenessProbe:
httpGet:
path: /health
port: 8443
scheme: HTTPS
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet:
path: /ready
port: 8443
scheme: HTTPS
initialDelaySeconds: 5
periodSeconds: 10
resources:
{}
image: "datree/admission-webhook:0.1.41"
imagePullPolicy: Always
ports:
- containerPort: 8443
name: webhook-api
volumeMounts:
- name: webhook-tls-certs
mountPath: /run/secrets/tls
readOnly: true
- name: webhook-config
mountPath: /config
readOnly: true
volumes:
- name: webhook-tls-certs
secret:
secretName: webhook-server-tls
- name: webhook-config
configMap:
name: webhook-scanning-filters
optional: true
---
# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: scan-job
namespace: datree
spec:
backoffLimit: 4
template:
spec:
serviceAccountName: cluster-scan-job-service-account
restartPolicy: Never
containers:
- name: scan-job
env:
- name: DATREE_TOKEN
value: ef7088eb-3096-4533-97d8-f16fb3a5b0c1
- name: DATREE_POLICY
value: Starter
- name: CLUSTER_NAME
value: kind-datree
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 25000
seccompProfile:
type: RuntimeDefault
image: "datree/scan-job:0.0.13"
imagePullPolicy: Always
resources:
{}
volumeMounts:
- name: webhook-config
mountPath: /config
readOnly: true
volumes:
- name: webhook-config
configMap:
name: webhook-scanning-filters
optional: true
---
# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: scan-cronjob
namespace: datree
spec:
# get the current time, subtract 5 minutes, extract the minutes and inject it into the cron expression
# if helm installation was done at 13:35, the cron expression will be 30 * * * *, which means the job will run at 14:30, 15:30, 16:30, etc.
schedule: "57 * * * *" # every hour, starting 55 minutes after helm installation
jobTemplate:
spec:
backoffLimit: 4
template:
spec:
serviceAccountName: cluster-scan-job-service-account
restartPolicy: Never
containers:
- name: scan-job
env:
- name: DATREE_TOKEN
value: ef7088eb-3096-4533-97d8-f16fb3a5b0c1
- name: DATREE_POLICY
value: Starter
- name: CLUSTER_NAME
value: kind-datree
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 25000
seccompProfile:
type: RuntimeDefault
image: "datree/scan-job:0.0.13"
imagePullPolicy: Always
resources:
{}
volumeMounts:
- name: webhook-config
mountPath: /config
readOnly: true
volumes:
- name: webhook-config
configMap:
name: webhook-scanning-filters
optional: true
---
# Source: datree-admission-webhook/templates/namespace-post-delete.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: datree-cleanup-namespaces-hook-pre-delete
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
namespace: datree
annotations:
"helm.sh/hook": pre-delete, pre-upgrade
"helm.sh/hook-delete-policy": hook-succeeded, hook-failed
spec:
template:
metadata:
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
spec:
restartPolicy: OnFailure
serviceAccount: datree-cleanup-namespaces-hook-pre-delete
nodeSelector:
kubernetes.io/os: linux
containers:
- name: kubectl-label
image: "clastix/kubectl:v1.25"
imagePullPolicy: IfNotPresent
command:
- sh
- "-c"
- >-
kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io datree-webhook -n datree;
kubectl label ns kube-system datree datree.io/skip-;
---
# Source: datree-admission-webhook/templates/namespace-post-install.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: datree-label-namespaces-hook-post-install
namespace: datree
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
annotations:
"helm.sh/hook": post-install, post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded, hook-failed
spec:
template:
metadata:
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
spec:
serviceAccount: datree-label-namespaces-hook-post-install
restartPolicy: OnFailure
nodeSelector:
kubernetes.io/os: linux
containers:
- name: kubectl-label
image: "clastix/kubectl:v1.25"
imagePullPolicy: IfNotPresent
args:
- label
- ns
- kube-system
- datree
- admission.datree/validate=skip
- --overwrite
---
# Source: datree-admission-webhook/templates/wait-server-ready-post-install.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: datree-wait-server-ready-hook-post-install
namespace: datree
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
annotations:
"helm.sh/hook": post-install, post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded, hook-failed
spec:
template:
metadata:
name: datree-wait-server-ready-hook-post-install
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
spec:
serviceAccountName: datree-wait-server-ready-hook-post-install
restartPolicy: Never
containers:
- name: kubectl-client
image: "clastix/kubectl:v1.25"
imagePullPolicy: IfNotPresent
command:
- sh
- "-c"
- >-
kubectl wait --for=condition=ready pod -l app=datree-webhook-server --timeout="180s"
---
# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: datree-webhook
annotations:
"helm.sh/hook": post-install, post-upgrade
"helm.sh/hook-weight": "-5"
webhooks:
- name: webhook-server.datree.svc
sideEffects: None
timeoutSeconds: 30
failurePolicy: Ignore
admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: datree-webhook-server
namespace: datree
path: "/validate"
caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lRQTZSWVVlb1BUQzRuc2dOQ3JWQXZBekFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4TXpBeE1ESXdNbG9YRFRJNE1ERXhOREF4TURJd01sb3dNekV4TUM4R0ExVUVBeE1vCkwwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdGJ5QkRRVENDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT0wyMWJ5RXUrT3o3OFU5dEE4WTNmWFQweDRTS29sNQpobnJEdzhHdExWSVQwVG45U3B0b0JjVytZdWlNaXdPbi8rUmpORGkyRTNqTEdUeUNLN1BrZEk2NERNNkdGcm5XCkNVK3BQcG4ycTRaSGoyN3VlMTRmZUtUWTVKakYzZkxFUGYvbFNZVGJUQTByZHZYWWNqWUkrWTVnNUxFK0xSRUsKc0ljUC9iMFJHRjIwVFpPTWYvOXAwdGhuTDhWbFJPMTJMSU16UFUxaXJveGpKZ29icnIrMXhhY1NnSjJFSmR6awpCTDJoRCtQNUwzdGwwWlh2am5GNXBzOHNTNUtGTmJEZ1V5NjE0OVRQRnN4eE4yOUpEcVZobHBJVmUrNkF5QlQ5CkNrMW5LSFZOOGxtNm9qa3QzbzlueDIzb3MzeEw1VUlKZmZrcmkvK3UzUG5TaTZVWnRxSkFVU2tDQXdFQUFhTmgKTUY4d0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjRApBakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlFSU3FISWVWN3k5cGlDdDRYYXpNYjVIMEI0CnpEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFvblpOQ0NlU1lkSmZuTHhXWGM4T1pkcDJudWFxVUFEU2M0M0gKSFhsSzk5c3hlUWRZUEVyaGxLTHhyNmNaT0lXZTRjSVNVdnEzL3B1bktieCsva3FiQU5TRWhaQ1hkMjhIbWtoMgpIc0hXRjFlWkZDR0FEMDZ6TlJzUHNhTllIUHlyN3lGbmlTc0hOME81YUxWT2FDaVYzZHJCRmRReG5LemVrbnlkClVmaURNUExyazNveENCYnBpMlIyS3hQckU4T1hTcWtoem9RbzdtQys5M1dHdXJHckNyWnoyRUEyL0ZSdll6Uk8KVU43Q0haU1c1UGFRWGtIQlozTzFRTTZKdmhjdTNEM3VnZVhFN2d1NW5qYWVWL1hyWW04M09kUDBTY3AwSytsTwpOT1JNUmlGakJmcHliQ2NVR205THNEamF4UExEY2RHVnIrNWF6SVBNckx2VlhLdS9jZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
namespaceSelector:
matchExpressions:
- key: admission.datree/validate
operator: DoesNotExist
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["*"]
apiVersions: ["*"]
resources: ["*"]
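Review bot: this rendered manifest commits live secret material: the Secret datree-ca-tls carries a base64 `tls.key` (an RSA private key for the CA whose certificate is used as the webhook `caBundle`), and DATREE_TOKEN appears as a literal value in the Deployment, the Job and the CronJob. Both should be treated as exposed: rotate the token, regenerate the certificates, and keep rendered output with secrets out of the repository (or template the token from a Secret via `valueFrom`). Further points in the same file: `failurePolicy: Ignore` next to DATREE_ENFORCE "true" means requests are admitted whenever the webhook is unreachable or times out, which should be a stated decision; cluster-scan-job-role grants get/list on all apiGroups and resources, which includes Secrets cluster-wide; the CronJob uses `batch/v1beta1`, which is no longer served from Kubernetes 1.25; and the Role datree-pods-reader lists "jobs" under the core apiGroup "", where that resource does not exist.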


@ -84,8 +84,8 @@ metadata:
namespace: datree
type: kubernetes.io/tls
data:
tls.key: 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
tls.crt: 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
tls.key: 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
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUl0anNlN1l6N3ZuSHVSMHExb1JtWnd3RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRJd016RTVNRFZhRncweU9EQXhNVE13TXpFNU1EVmFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURDcmRLdGJ4TFZ4UkZIYlF5UGZTNWpKZWdWOW1FaApUbVlsbk9ONlpSZTlFODQrY1RNRFZkeWRPSlp2UkpzeVA5YldhTFl5cGxsN1ZvbERUb2RnTm1nWCtPRDVvZys4ClR1OHozQk1YTFc5SHBvRGdLU0pGbkl3bkhXZjFaMVc5K3F4REtFYTFXNVg4dmo1c3loU2xJU0FRMWo2aDBGWGcKb25Sc1VidTBJTHI0SjR2SmhFRWx4VHBIQThGcVViZGJoalRKT2xnVm9WTWJpMTN4SlVPUmtmN1BmTmcwYmVUcApxd3p6bnlZR05zdUZlbXdOSXBNZGlxZXVIdGJ1ZHB2c0szNzc2anBweXJhcHNneFBpVEUyZmJ3cjFJMDVFWDBWCjFubm9YSGNKYi9kQlo4cmtNYzJuSVZEZXBkdXBwcUtYYnlXTlBRMmQzelNtdUtxbzdtZHFrWTBUQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVMFdOeTZkQTdFZERobUg1azBBVFZGOExXCitIQXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRU1uRExjOXZoTkVMa1BzME5HdHMzTlp6RVQ4M2E4ODMvLzIKQm9iaXJTUThOWDhpc1A2WmYwcDRtWEtnU2dzN3FEai9qblowZFdiN2tlUDFxZnRmZktrMnNCRmUraEI2VUxQUgoycFZoQkVURXlIcktYNklnTFpUejBBcU1YWDVXemVUVTRCNlNzRXR0bTVGOWtWK1luWE85S2dNWnlzZEYxU1lQCitoOHY0QTJmUVVBSCtkcDd3ZHRzcnZxN0QzMUlaNlZkWlU3RXRzUjZJZExTYnluck15QXFHT0hyKzdxRTNqUmQKS2UxcXlTQkJRQWxSY3NWb29Ud2V3SjI0MTVENGF6WWhKa1NiQXhPK0gvaFkrb0w2UDhkeTdUbU1YQTRsNkdYVQp6T3pqMm9LRzVzRGlHVmNyM250TGpBelh0Q2ZuZHU0bUhPQTlDS0t4OGlzY1R3VVcydG89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
---
# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
apiVersion: v1
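Review bot: the `tls.crt` value changes here only because the manifest was rendered again, and the later hunks show the same churn for the second Secret, the `caBundle` and the cron minute. Every re-render therefore commits a fresh certificate and key pair to the repository and produces a diff with no functional change. Suggest not tracking the rendered Secrets at all (render at deploy time), or issuing the certificates outside the template so the committed manifest is stable and holds no key material.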
@ -106,8 +106,8 @@ metadata:
self-signed-cert: "true"
type: kubernetes.io/tls
data:
tls.key: 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
tls.crt: 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
tls.key: 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
tls.crt: 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
---
# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
apiVersion: rbac.authorization.k8s.io/v1
@ -507,7 +507,7 @@ metadata:
spec:
# get the current time, subtract 5 minutes, extract the minutes and inject it into the cron expression
# if helm installation was done at 13:35, the cron expression will be 30 * * * *, which means the job will run at 14:30, 15:30, 16:30, etc.
schedule: "11 * * * *" # every hour, starting 55 minutes after helm installation
schedule: "14 * * * *" # every hour, starting 55 minutes after helm installation
jobTemplate:
spec:
backoffLimit: 4
@ -706,7 +706,7 @@ webhooks:
name: datree-webhook-server
namespace: datree
path: "/validate"
caBundle: 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
caBundle: 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
namespaceSelector:
matchExpressions:
- key: admission.datree/validate