├── .github ├── dependabot.yml └── workflows │ ├── scorecard.yml │ └── stale.yml ├── CODEOWNERS ├── Policy_Bundles.md ├── README.md ├── SECURITY.md ├── anthos-bundles ├── cis-gke-v1.5.0 │ ├── .krmignore │ ├── Kptfile │ ├── README.md │ ├── apparmor.yaml │ ├── capabilities.yaml │ ├── host-namespace.yaml │ ├── host-port.yaml │ ├── host_namespaces_hostnetwork.yaml │ ├── hostpath-volumes.yaml │ ├── hostprocess.yaml │ ├── kustomization.yaml │ ├── privileged-containers.yaml │ ├── proc_mount_type.yaml │ ├── require-binauthz.yaml │ ├── require-cos-node-image.yaml │ ├── require-gke-metadata-server-enabled.yaml │ ├── require-ingress.class-gce.yaml │ ├── require-managed-certificates.yaml │ ├── require-namespace-networkpolicy.yaml │ ├── require-seccomp-default.yaml │ ├── require-securitycontext.yaml │ ├── restrict-automountserviceaccounttoken.yaml │ ├── restrict-bind-escalate-impersonate.yaml │ ├── restrict-certificatesigningrequests-approval.yaml │ ├── restrict-cluster-admin-role.yaml │ ├── restrict-creation-with-default-serviceaccount.yaml │ ├── restrict-default-namespace.yaml │ ├── restrict-env-var-secrets.yaml │ ├── restrict-loadbalancer.yaml │ ├── restrict-nodes-proxy.yaml │ ├── restrict-persistent-volume.yaml │ ├── restrict-pods-create.yaml │ ├── restrict-rbac-subjects.yaml │ ├── restrict-role-secrets.yaml │ ├── restrict-role-wildcards.yaml │ ├── restrict-secrets-of-type-basic-auth.yaml │ ├── restrict-serviceaccounts-token.yaml │ ├── restrict-system-masters-group.yaml │ ├── restrict-webhook-config.yaml │ ├── seccomp.yaml │ ├── selinux.yaml │ └── sysctls.yaml ├── cis-k8s-v1.7.1 │ ├── .krmignore │ ├── Kptfile │ ├── README.md │ ├── kustomization.yaml │ ├── require-admission-controller.yaml │ ├── require-binauthz.yaml │ ├── require-namespace-networkpolicy.yaml │ ├── require-seccomp-default.yaml │ ├── require-securitycontext.yaml │ ├── restrict-aggregation-controller.yaml │ ├── restrict-automountserviceaccounttoken.yaml │ ├── restrict-bind-escalate-impersonate.yaml │ ├── restrict-capabilities.yaml │ ├── restrict-certificatesigningrequests-approval.yaml │ ├── restrict-cluster-admin-role.yaml │ ├── restrict-creation-with-default-serviceaccount.yaml │ ├── restrict-default-namespace.yaml │ ├── restrict-env-var-secrets.yaml │ ├── restrict-host-namespace.yaml │ ├── restrict-host-port.yaml │ ├── restrict-hostpath-volumes.yaml │ ├── restrict-hosttnetwork.yaml │ ├── restrict-nodes-proxy.yaml │ ├── restrict-persistent-volume.yaml │ ├── restrict-pods-create.yaml │ ├── restrict-privilege-escalation.yaml │ ├── restrict-privileged-containers.yaml │ ├── restrict-role-secrets.yaml │ ├── restrict-role-wildcards.yaml │ ├── restrict-root-containers.yaml │ ├── restrict-secrets-of-type-basic-auth.yaml │ ├── restrict-serviceaccounts-token.yaml │ ├── restrict-system-masters-group.yaml │ ├── restrict-webhook-config.yaml │ └── restrict-windows-hostprocess.yaml ├── cost-reliability-v2023 │ ├── .krmignore │ ├── Kptfile │ ├── README.md │ ├── kustomization.yaml │ ├── pod-resources-best-practices.yaml │ ├── require-pod-disruption-budget.yaml │ ├── required-labels.yaml │ ├── restrict-repos.yaml │ └── spotvm-termination-grace.yaml ├── mitre-v2024 │ ├── .krmignore │ ├── Kptfile │ ├── README.md │ ├── apparmor.yaml │ ├── block-all-ingress.yaml │ ├── cronjob-restrict-repos.yaml │ ├── disallow-anonymous.yaml │ ├── host-namespaces-host-pid-ipc.yaml │ ├── host-namespaces-hostnetwork.yaml │ ├── host-ports.yaml │ ├── kustomization.yaml │ ├── no-secrets-as-env-vars.yaml │ ├── privileged-containers.yaml │ ├── proc-mount-type.yaml │ ├── require-binauthz.yaml │ ├── require-namespace-networkpolicy.yaml │ ├── restrict-admission-controller.yaml │ ├── restrict-automountserviceaccounttoken.yaml │ ├── restrict-capabilities.yaml │ ├── restrict-cluster-admin-role.yaml │ ├── restrict-hostpath-volumes.yaml │ ├── restrict-kubernetes-dashboard-namespace.yaml │ ├── restrict-pods-exec.yaml │ ├── restrict-rbac-subjects.yaml │ ├── restrict-repos.yaml │ ├── restrict-role-secrets.yaml │ ├── restrict-windows-hostprocess.yaml │ ├── seccomp.yaml │ ├── selinux.yaml │ └── sysctls.yaml ├── nist-sp-800-190 │ ├── .krmignore │ ├── Kptfile │ ├── README.md │ ├── apparmor.yaml │ ├── asm-peer-authn-strict-mtls.yaml │ ├── block-creation-with-default-serviceaccount.yaml │ ├── block-secrets-of-type-basic-auth.yaml │ ├── capabilities.yaml │ ├── cpu-and-memory-limits-required.yaml │ ├── enforce-config-management.yaml │ ├── host-namespaces.yaml │ ├── host-network.yaml │ ├── kustomization.yaml │ ├── nodes-have-consistent-time.yaml │ ├── privileged-containers.yaml │ ├── proc-mount-type.yaml │ ├── require-binauthz.yaml │ ├── require-managed-by-label.yaml │ ├── require-namespace-network-policies.yaml │ ├── restrict-clusteradmin-rolebindings.yaml │ ├── restrict-hostpath-volumes.yaml │ ├── restrict-rbac-subjects.yaml │ ├── restrict-repos.yaml │ ├── restrict-role-wildcards.yaml │ ├── restrict-volume-types.yaml │ ├── seccomp.yaml │ ├── selinux.yaml │ └── sysctls.yaml ├── nist-sp-800-53-r5 │ ├── .krmignore │ ├── Kptfile │ ├── README.md │ ├── apparmor.yaml │ ├── asm-peer-authn-strict-mtls.yaml │ ├── block-creation-with-default-serviceaccount.yaml │ ├── block-secrets-of-type-basic-auth.yaml │ ├── capabilities.yaml │ ├── cpu-and-memory-limits-required.yaml │ ├── enforce-config-management.yaml │ ├── host-namespaces.yaml │ ├── host-network.yaml │ ├── kustomization.yaml │ ├── nodes-have-consistent-time.yaml │ ├── privileged-containers.yaml │ ├── proc-mount-type.yaml │ ├── require-av-daemonset.yaml │ ├── require-binauthz.yaml │ ├── require-managed-by-label.yaml │ ├── require-namespace-network-policies.yaml │ ├── restrict-clusteradmin-rolebindings.yaml │ ├── restrict-hostpath-volumes.yaml │ ├── restrict-rbac-subjects.yaml │ ├── restrict-repos.yaml │ ├── restrict-role-wildcards.yaml │ ├── restrict-storageclass.yaml │ ├── restrict-volume-types.yaml │ ├── seccomp.yaml │ ├── selinux.yaml │ └── sysctls.yaml ├── nsa-cisa-k8s-v1.2 │ ├── .krmignore │ ├── Kptfile │ ├── README.md │ ├── apparmor.yaml │ ├── automount-serviceaccount-token-pod.yaml │ ├── block-all-ingress.yaml │ ├── block-secrets-of-type-basic-auth.yaml │ ├── capabilities.yaml │ ├── cpu-and-memory-limits-required.yaml │ ├── host-namespaces.yaml │ ├── host-network.yaml │ ├── hostport.yaml │ ├── kustomization.yaml │ ├── privilege-escalation.yaml │ ├── privileged-containers.yaml │ ├── readonlyrootfilesystem.yaml │ ├── require-namespace-network-policies.yaml │ ├── restrict-clusteradmin-rolebindings.yaml │ ├── restrict-edit-rolebindings.yaml │ ├── restrict-hostpath-volumes.yaml │ ├── restrict-pods-exec.yaml │ ├── running-as-non-root.yaml │ ├── seccomp.yaml │ └── selinux.yaml ├── pci-dss-v3.2.1-extended │ ├── .krmignore │ ├── 1.2_1.3.2_require-valid-network-ranges.yaml │ ├── 1.2_1.3_2.2.2_require-default-deny-network-policies.yaml │ ├── 1.2_1.3_block-all-ingress.yaml │ ├── 8.1_8.1.5_restrict-rbac-subjects.yaml │ ├── Kptfile │ ├── README.md │ └── kustomization.yaml ├── pci-dss-v3.2.1 │ ├── .krmignore │ ├── 1.1.4_resources-have-required-labels.yaml │ ├── 1.1.5-2.4_apps-must-have-certain-set-of-annotations.yaml │ ├── 1.2.2_8.1.2_enforce-managed-by-configmanagement-label.yaml │ ├── 1.2_require-namespace-network-policies.yaml │ ├── 10.4.1-10.4.3_nodes-have-consistent-time.yaml │ ├── 2.1_block-creation-with-default-serviceaccount.yaml │ ├── 2.1_restrict-default-namespace.yaml │ ├── 4.1_asm-peer-authn-strict-mtls.yaml │ ├── 5.1.1_5.3-require-av-daemonset.yaml │ ├── 5.3_6.1_6.4_enforce-config-management.yaml │ ├── 6.5_6.6_enforce-cloudarmor-backendconfig.yaml │ ├── 8.1.5_8.2.3_8.5_block-secrets-of-type-basic-auth.yaml │ ├── Kptfile │ ├── README.md │ └── kustomization.yaml ├── pci-dss-v4.0 │ ├── .krmignore │ ├── Kptfile │ ├── README.md │ ├── kustomization.yaml │ ├── require-apps-annotations.yaml │ ├── require-av-daemonset.yaml │ ├── require-binauthz.yaml │ ├── require-cloudarmor-backendconfig.yaml │ ├── require-config-management.yaml │ ├── require-default-deny-network-policies.yaml │ ├── require-managed-by-label.yaml │ ├── require-namespace-network-policies.yaml │ ├── require-peer-authentication-strict-mtls.yaml │ ├── require-valid-network-ranges.yaml │ ├── resources-have-required-labels.yaml │ ├── restrict-cluster-admin-role.yaml │ ├── restrict-creation-with-default-serviceaccount.yaml │ ├── restrict-default-namespace.yaml │ ├── restrict-ingress.yaml │ ├── restrict-node-image.yaml │ ├── restrict-pods-exec.yaml │ ├── restrict-rbac-subjects.yaml │ ├── restrict-role-wildcards.yaml │ └── restrict-storageclass.yaml └── pss-restricted-v2022 │ ├── .krmignore │ ├── Kptfile │ ├── README.md │ ├── capabilities.yaml │ ├── kustomization.yaml │ ├── privilege-escalation.yaml │ ├── running-as-non-root-user.yaml │ ├── running-as-non-root.yaml │ ├── seccomp.yaml │ └── volume-types.yaml ├── bundles ├── asm-policy-v0.0.1 │ ├── .krmignore │ ├── 1.1.1_asm-ingressgateway-label.yaml │ ├── 1.1.2_asm-sidecar-injection.yaml │ ├── 1.2.1_asm-authz-policy-mesh-default-deny.yaml │ ├── 1.2.2_asm-authz-policy-normalization.yaml │ ├── 1.2.3_asm-authz-policy-safe-pattern.yaml │ ├── 1.3.1_asm-peer-authn-mesh-strict-mtls.yaml │ ├── 1.3.2_asm-peer-authn-strict-mtls.yaml │ ├── 1.4.1_asm-request-authn-prohibited-output-headers.yaml │ ├── Kptfile │ ├── LICENSE │ ├── README.md │ └── kustomization.yaml ├── cis-k8s-v1.5.1 │ ├── .krmignore │ ├── 5.1.1_restrict-clusteradmin-rolebindings.yaml │ ├── 5.1.3_prohibit-role-wildcard-access.yaml │ ├── 5.2.1_psp-privileged-container.yaml │ ├── 5.2.2-5.2.3_psp-host-namespace.yaml │ ├── 5.2.4_psp-host-network-ports.yaml │ ├── 5.2.5_psp-allow-privilege-escalation-container.yaml │ ├── 5.2.6_psp-restrict_root_containers.yaml │ ├── 5.2.7-5.2.8-5.2.9_psp-capabilities.yaml │ ├── 5.3.2_require-namespace-network-policies.yaml │ ├── 5.4.1_no-secrets-as-env-vars.yaml │ ├── 5.7.2_seccomp-default.yaml │ ├── 5.7.3_pods-require-security-context.yaml │ ├── Kptfile │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ └── kustomization.yaml ├── policy-essentials-v2022 │ ├── .krmignore │ ├── Kptfile │ ├── LICENSE │ ├── README.md │ ├── kustomization.yaml │ ├── no-secrets-as-env-vars.yaml │ ├── pods-require-security-context.yaml │ ├── prohibit-role-wildcard-access.yaml │ ├── psp-allow-privilege-escalation-container.yaml │ ├── psp-capabilities.yaml │ ├── psp-host-namespace.yaml │ ├── psp-host-network-ports.yaml │ ├── psp-privileged-container.yaml │ ├── psp-restrict_root_containers.yaml │ ├── restrict-clusteradmin-rolebindings.yaml │ └── seccomp-default.yaml ├── psp-v2022 │ ├── .krmignore │ ├── CHANGELOG.md │ ├── Kptfile │ ├── LICENSE │ ├── README.md │ ├── kustomization.yaml │ ├── psp-allow-privilege-escalation-container.yaml │ ├── psp-apparmor.yaml │ ├── psp-capabilities.yaml │ ├── psp-flexvolume-drivers.yaml │ ├── psp-forbidden-sysctls.yaml │ ├── psp-fsgroup.yaml │ ├── psp-host-filesystem.yaml │ ├── psp-host-namespace.yaml │ ├── psp-host-network-ports.yaml │ ├── psp-pods-allowed-user-ranges.yaml │ ├── psp-privileged-container.yaml │ ├── psp-proc-mount.yaml │ ├── psp-readonlyrootfilesystem.yaml │ ├── psp-seccomp.yaml │ ├── psp-selinux-v2.yaml │ └── psp-volume-types.yaml └── pss-baseline-v2022 │ ├── .krmignore │ ├── Kptfile │ ├── LICENSE │ ├── README.md │ ├── apparmor.yaml │ ├── capabilities.yaml │ ├── host-namespaces-host-pid-ipc.yaml │ ├── host-namespaces-hostnetwork.yaml │ ├── host-ports.yaml │ ├── hostpath-volumes.yaml │ ├── hostprocess.yaml │ ├── kustomization.yaml │ ├── privileged-containers.yaml │ ├── proc-mount-type.yaml │ ├── seccomp.yaml │ ├── selinux.yaml │ └── sysctls.yaml └── gke-custom-org-policy └── samples ├── LICENSE ├── NOTICE ├── README.md ├── control-plane-authority ├── control_plane_network_connection.yaml ├── control_plane_ssh_logs.yaml ├── control_plane_user_managed_keys_must_exist.yaml └── control_plane_user_managed_keys_must_start_with_project_id.yaml ├── disable_allow_all_traffic_firewals.yaml ├── disable_kubernetes_dashboard.yaml ├── disable_legacy_abac.yaml ├── enable_cloud_logging.yaml ├── enable_cos_node_pools.yaml ├── enable_cost_allocation.yaml ├── enable_gke_security_posture.yaml ├── enable_shielded_nodes.yaml ├── enforce_gke_auto_upgrade.yaml ├── enforce_gke_release_channel.yaml ├── require_master_authorized_networks.yaml └── require_workload_identity.yaml /.github/dependabot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/.github/dependabot.yml -------------------------------------------------------------------------------- /.github/workflows/scorecard.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/.github/workflows/scorecard.yml -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/.github/workflows/stale.yml -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/CODEOWNERS -------------------------------------------------------------------------------- /Policy_Bundles.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/Policy_Bundles.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/README.md -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/SECURITY.md -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/.krmignore: -------------------------------------------------------------------------------- 1 | kustomization.yaml 2 | -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/Kptfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/Kptfile -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/README.md -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/apparmor.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/apparmor.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/capabilities.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/capabilities.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/host-namespace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/host-namespace.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/host-port.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/host-port.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/host_namespaces_hostnetwork.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/host_namespaces_hostnetwork.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/hostpath-volumes.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/hostpath-volumes.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/hostprocess.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/hostprocess.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/kustomization.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/privileged-containers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/privileged-containers.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/proc_mount_type.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/proc_mount_type.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/require-binauthz.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/require-binauthz.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/require-cos-node-image.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/require-cos-node-image.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/require-gke-metadata-server-enabled.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/require-gke-metadata-server-enabled.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/require-ingress.class-gce.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/require-ingress.class-gce.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/require-managed-certificates.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/require-managed-certificates.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/require-namespace-networkpolicy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/require-namespace-networkpolicy.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/require-seccomp-default.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/require-seccomp-default.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/require-securitycontext.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/require-securitycontext.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-automountserviceaccounttoken.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-automountserviceaccounttoken.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-bind-escalate-impersonate.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-bind-escalate-impersonate.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-certificatesigningrequests-approval.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-certificatesigningrequests-approval.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-cluster-admin-role.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-cluster-admin-role.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-creation-with-default-serviceaccount.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-creation-with-default-serviceaccount.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-default-namespace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-default-namespace.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-env-var-secrets.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-env-var-secrets.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-loadbalancer.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-loadbalancer.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-nodes-proxy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-nodes-proxy.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-persistent-volume.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-persistent-volume.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-pods-create.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-pods-create.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-rbac-subjects.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-rbac-subjects.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-role-secrets.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-role-secrets.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-role-wildcards.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-role-wildcards.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-secrets-of-type-basic-auth.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-secrets-of-type-basic-auth.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-serviceaccounts-token.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-serviceaccounts-token.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-system-masters-group.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-system-masters-group.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/restrict-webhook-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/restrict-webhook-config.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/seccomp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/seccomp.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/selinux.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/selinux.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-gke-v1.5.0/sysctls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-gke-v1.5.0/sysctls.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/.krmignore: -------------------------------------------------------------------------------- 1 | kustomization.yaml 2 | -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/Kptfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/Kptfile -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/README.md -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/kustomization.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/require-admission-controller.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/require-admission-controller.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/require-binauthz.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/require-binauthz.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/require-namespace-networkpolicy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/require-namespace-networkpolicy.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/require-seccomp-default.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/require-seccomp-default.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/require-securitycontext.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/require-securitycontext.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-aggregation-controller.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-aggregation-controller.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-automountserviceaccounttoken.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-automountserviceaccounttoken.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-bind-escalate-impersonate.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-bind-escalate-impersonate.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-capabilities.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-capabilities.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-certificatesigningrequests-approval.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-certificatesigningrequests-approval.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-cluster-admin-role.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-cluster-admin-role.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-creation-with-default-serviceaccount.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-creation-with-default-serviceaccount.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-default-namespace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-default-namespace.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-env-var-secrets.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-env-var-secrets.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-host-namespace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-host-namespace.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-host-port.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-host-port.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-hostpath-volumes.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-hostpath-volumes.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-hosttnetwork.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-hosttnetwork.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-nodes-proxy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-nodes-proxy.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-persistent-volume.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-persistent-volume.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-pods-create.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-pods-create.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-privilege-escalation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-privilege-escalation.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-privileged-containers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-privileged-containers.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-role-secrets.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-role-secrets.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-role-wildcards.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-role-wildcards.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-root-containers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-root-containers.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-secrets-of-type-basic-auth.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-secrets-of-type-basic-auth.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-serviceaccounts-token.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-serviceaccounts-token.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-system-masters-group.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-system-masters-group.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-webhook-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-webhook-config.yaml -------------------------------------------------------------------------------- /anthos-bundles/cis-k8s-v1.7.1/restrict-windows-hostprocess.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cis-k8s-v1.7.1/restrict-windows-hostprocess.yaml -------------------------------------------------------------------------------- /anthos-bundles/cost-reliability-v2023/.krmignore: -------------------------------------------------------------------------------- 1 | kustomization.yaml 2 | -------------------------------------------------------------------------------- /anthos-bundles/cost-reliability-v2023/Kptfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cost-reliability-v2023/Kptfile -------------------------------------------------------------------------------- /anthos-bundles/cost-reliability-v2023/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cost-reliability-v2023/README.md -------------------------------------------------------------------------------- /anthos-bundles/cost-reliability-v2023/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cost-reliability-v2023/kustomization.yaml -------------------------------------------------------------------------------- /anthos-bundles/cost-reliability-v2023/pod-resources-best-practices.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cost-reliability-v2023/pod-resources-best-practices.yaml -------------------------------------------------------------------------------- /anthos-bundles/cost-reliability-v2023/require-pod-disruption-budget.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cost-reliability-v2023/require-pod-disruption-budget.yaml -------------------------------------------------------------------------------- /anthos-bundles/cost-reliability-v2023/required-labels.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cost-reliability-v2023/required-labels.yaml -------------------------------------------------------------------------------- /anthos-bundles/cost-reliability-v2023/restrict-repos.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cost-reliability-v2023/restrict-repos.yaml -------------------------------------------------------------------------------- /anthos-bundles/cost-reliability-v2023/spotvm-termination-grace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/cost-reliability-v2023/spotvm-termination-grace.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/.krmignore: -------------------------------------------------------------------------------- 1 | kustomization.yaml 2 | -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/Kptfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/Kptfile -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/README.md -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/apparmor.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/apparmor.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/block-all-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/block-all-ingress.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/cronjob-restrict-repos.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/cronjob-restrict-repos.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/disallow-anonymous.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/disallow-anonymous.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/host-namespaces-host-pid-ipc.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/host-namespaces-host-pid-ipc.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/host-namespaces-hostnetwork.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/host-namespaces-hostnetwork.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/host-ports.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/host-ports.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/kustomization.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/no-secrets-as-env-vars.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/no-secrets-as-env-vars.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/privileged-containers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/privileged-containers.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/proc-mount-type.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/proc-mount-type.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/require-binauthz.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/require-binauthz.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/require-namespace-networkpolicy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/require-namespace-networkpolicy.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/restrict-admission-controller.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/restrict-admission-controller.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/restrict-automountserviceaccounttoken.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/restrict-automountserviceaccounttoken.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/restrict-capabilities.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/restrict-capabilities.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/restrict-cluster-admin-role.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/restrict-cluster-admin-role.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/restrict-hostpath-volumes.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/restrict-hostpath-volumes.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/restrict-kubernetes-dashboard-namespace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/restrict-kubernetes-dashboard-namespace.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/restrict-pods-exec.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/restrict-pods-exec.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/restrict-rbac-subjects.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/restrict-rbac-subjects.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/restrict-repos.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/restrict-repos.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/restrict-role-secrets.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/restrict-role-secrets.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/restrict-windows-hostprocess.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/restrict-windows-hostprocess.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/seccomp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/seccomp.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/selinux.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/selinux.yaml -------------------------------------------------------------------------------- /anthos-bundles/mitre-v2024/sysctls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/mitre-v2024/sysctls.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/.krmignore: -------------------------------------------------------------------------------- 1 | kustomization.yaml 2 | -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/Kptfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/Kptfile -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/README.md -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/apparmor.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/apparmor.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/asm-peer-authn-strict-mtls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/asm-peer-authn-strict-mtls.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/block-creation-with-default-serviceaccount.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/block-creation-with-default-serviceaccount.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/block-secrets-of-type-basic-auth.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/block-secrets-of-type-basic-auth.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/capabilities.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/capabilities.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/cpu-and-memory-limits-required.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/cpu-and-memory-limits-required.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/enforce-config-management.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/enforce-config-management.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/host-namespaces.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/host-namespaces.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/host-network.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/host-network.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/kustomization.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/nodes-have-consistent-time.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/nodes-have-consistent-time.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/privileged-containers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/privileged-containers.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/proc-mount-type.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/proc-mount-type.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/require-binauthz.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/require-binauthz.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/require-managed-by-label.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/require-managed-by-label.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/require-namespace-network-policies.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/require-namespace-network-policies.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/restrict-clusteradmin-rolebindings.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/restrict-clusteradmin-rolebindings.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/restrict-hostpath-volumes.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/restrict-hostpath-volumes.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/restrict-rbac-subjects.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/restrict-rbac-subjects.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/restrict-repos.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/restrict-repos.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/restrict-role-wildcards.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/restrict-role-wildcards.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/restrict-volume-types.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/restrict-volume-types.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/seccomp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/seccomp.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/selinux.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/selinux.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-190/sysctls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-190/sysctls.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/.krmignore: -------------------------------------------------------------------------------- 1 | kustomization.yaml 2 | -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/Kptfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/Kptfile -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/README.md -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/apparmor.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/apparmor.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/asm-peer-authn-strict-mtls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/asm-peer-authn-strict-mtls.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/block-creation-with-default-serviceaccount.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/block-creation-with-default-serviceaccount.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/block-secrets-of-type-basic-auth.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/block-secrets-of-type-basic-auth.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/capabilities.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/capabilities.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/cpu-and-memory-limits-required.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/cpu-and-memory-limits-required.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/enforce-config-management.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/enforce-config-management.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/host-namespaces.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/host-namespaces.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/host-network.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/host-network.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/kustomization.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/nodes-have-consistent-time.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/nodes-have-consistent-time.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/privileged-containers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/privileged-containers.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/proc-mount-type.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/proc-mount-type.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/require-av-daemonset.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/require-av-daemonset.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/require-binauthz.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/require-binauthz.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/require-managed-by-label.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/require-managed-by-label.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/require-namespace-network-policies.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/require-namespace-network-policies.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/restrict-clusteradmin-rolebindings.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/restrict-clusteradmin-rolebindings.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/restrict-hostpath-volumes.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/restrict-hostpath-volumes.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/restrict-rbac-subjects.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/restrict-rbac-subjects.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/restrict-repos.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/restrict-repos.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/restrict-role-wildcards.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/restrict-role-wildcards.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/restrict-storageclass.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/restrict-storageclass.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/restrict-volume-types.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/restrict-volume-types.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/seccomp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/seccomp.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/selinux.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/selinux.yaml -------------------------------------------------------------------------------- /anthos-bundles/nist-sp-800-53-r5/sysctls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nist-sp-800-53-r5/sysctls.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/.krmignore: -------------------------------------------------------------------------------- 1 | kustomization.yaml 2 | -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/Kptfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/Kptfile -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/README.md -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/apparmor.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/apparmor.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/automount-serviceaccount-token-pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/automount-serviceaccount-token-pod.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/block-all-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/block-all-ingress.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/block-secrets-of-type-basic-auth.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/block-secrets-of-type-basic-auth.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/capabilities.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/capabilities.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/cpu-and-memory-limits-required.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/cpu-and-memory-limits-required.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/host-namespaces.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/host-namespaces.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/host-network.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/host-network.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/hostport.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/hostport.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/kustomization.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/privilege-escalation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/privilege-escalation.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/privileged-containers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/privileged-containers.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/readonlyrootfilesystem.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/readonlyrootfilesystem.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/require-namespace-network-policies.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/require-namespace-network-policies.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/restrict-clusteradmin-rolebindings.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/restrict-clusteradmin-rolebindings.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/restrict-edit-rolebindings.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/restrict-edit-rolebindings.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/restrict-hostpath-volumes.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/restrict-hostpath-volumes.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/restrict-pods-exec.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/restrict-pods-exec.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/running-as-non-root.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/running-as-non-root.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/seccomp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/seccomp.yaml -------------------------------------------------------------------------------- /anthos-bundles/nsa-cisa-k8s-v1.2/selinux.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/nsa-cisa-k8s-v1.2/selinux.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1-extended/.krmignore: -------------------------------------------------------------------------------- 1 | kustomization.yaml 2 | -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1-extended/1.2_1.3.2_require-valid-network-ranges.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1-extended/1.2_1.3.2_require-valid-network-ranges.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1-extended/1.2_1.3_2.2.2_require-default-deny-network-policies.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1-extended/1.2_1.3_2.2.2_require-default-deny-network-policies.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1-extended/1.2_1.3_block-all-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1-extended/1.2_1.3_block-all-ingress.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1-extended/8.1_8.1.5_restrict-rbac-subjects.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1-extended/8.1_8.1.5_restrict-rbac-subjects.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1-extended/Kptfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1-extended/Kptfile -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1-extended/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1-extended/README.md -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1-extended/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1-extended/kustomization.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1/.krmignore: -------------------------------------------------------------------------------- 1 | kustomization.yaml 2 | -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1/1.1.4_resources-have-required-labels.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1/1.1.4_resources-have-required-labels.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1/1.1.5-2.4_apps-must-have-certain-set-of-annotations.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1/1.1.5-2.4_apps-must-have-certain-set-of-annotations.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1/1.2.2_8.1.2_enforce-managed-by-configmanagement-label.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1/1.2.2_8.1.2_enforce-managed-by-configmanagement-label.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1/1.2_require-namespace-network-policies.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1/1.2_require-namespace-network-policies.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1/10.4.1-10.4.3_nodes-have-consistent-time.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1/10.4.1-10.4.3_nodes-have-consistent-time.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1/2.1_block-creation-with-default-serviceaccount.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1/2.1_block-creation-with-default-serviceaccount.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1/2.1_restrict-default-namespace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1/2.1_restrict-default-namespace.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1/4.1_asm-peer-authn-strict-mtls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1/4.1_asm-peer-authn-strict-mtls.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1/5.1.1_5.3-require-av-daemonset.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1/5.1.1_5.3-require-av-daemonset.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1/5.3_6.1_6.4_enforce-config-management.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1/5.3_6.1_6.4_enforce-config-management.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1/6.5_6.6_enforce-cloudarmor-backendconfig.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1/6.5_6.6_enforce-cloudarmor-backendconfig.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1/8.1.5_8.2.3_8.5_block-secrets-of-type-basic-auth.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1/8.1.5_8.2.3_8.5_block-secrets-of-type-basic-auth.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1/Kptfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1/Kptfile -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1/README.md -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v3.2.1/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v3.2.1/kustomization.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/.krmignore: -------------------------------------------------------------------------------- 1 | kustomization.yaml 2 | -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/Kptfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/Kptfile -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/README.md -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/kustomization.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/require-apps-annotations.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/require-apps-annotations.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/require-av-daemonset.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/require-av-daemonset.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/require-binauthz.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/require-binauthz.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/require-cloudarmor-backendconfig.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/require-cloudarmor-backendconfig.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/require-config-management.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/require-config-management.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/require-default-deny-network-policies.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/require-default-deny-network-policies.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/require-managed-by-label.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/require-managed-by-label.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/require-namespace-network-policies.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/require-namespace-network-policies.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/require-peer-authentication-strict-mtls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/require-peer-authentication-strict-mtls.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/require-valid-network-ranges.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/require-valid-network-ranges.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/resources-have-required-labels.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/resources-have-required-labels.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/restrict-cluster-admin-role.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/restrict-cluster-admin-role.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/restrict-creation-with-default-serviceaccount.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/restrict-creation-with-default-serviceaccount.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/restrict-default-namespace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/restrict-default-namespace.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/restrict-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/restrict-ingress.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/restrict-node-image.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/restrict-node-image.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/restrict-pods-exec.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/restrict-pods-exec.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/restrict-rbac-subjects.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/restrict-rbac-subjects.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/restrict-role-wildcards.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/restrict-role-wildcards.yaml -------------------------------------------------------------------------------- /anthos-bundles/pci-dss-v4.0/restrict-storageclass.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pci-dss-v4.0/restrict-storageclass.yaml -------------------------------------------------------------------------------- /anthos-bundles/pss-restricted-v2022/.krmignore: -------------------------------------------------------------------------------- 1 | kustomization.yaml 2 | -------------------------------------------------------------------------------- /anthos-bundles/pss-restricted-v2022/Kptfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pss-restricted-v2022/Kptfile -------------------------------------------------------------------------------- /anthos-bundles/pss-restricted-v2022/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pss-restricted-v2022/README.md -------------------------------------------------------------------------------- /anthos-bundles/pss-restricted-v2022/capabilities.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pss-restricted-v2022/capabilities.yaml -------------------------------------------------------------------------------- /anthos-bundles/pss-restricted-v2022/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pss-restricted-v2022/kustomization.yaml -------------------------------------------------------------------------------- /anthos-bundles/pss-restricted-v2022/privilege-escalation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pss-restricted-v2022/privilege-escalation.yaml -------------------------------------------------------------------------------- /anthos-bundles/pss-restricted-v2022/running-as-non-root-user.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pss-restricted-v2022/running-as-non-root-user.yaml -------------------------------------------------------------------------------- /anthos-bundles/pss-restricted-v2022/running-as-non-root.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pss-restricted-v2022/running-as-non-root.yaml -------------------------------------------------------------------------------- /anthos-bundles/pss-restricted-v2022/seccomp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pss-restricted-v2022/seccomp.yaml -------------------------------------------------------------------------------- /anthos-bundles/pss-restricted-v2022/volume-types.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/anthos-bundles/pss-restricted-v2022/volume-types.yaml -------------------------------------------------------------------------------- /bundles/asm-policy-v0.0.1/.krmignore: -------------------------------------------------------------------------------- 1 | kustomization.yaml 2 | -------------------------------------------------------------------------------- /bundles/asm-policy-v0.0.1/1.1.1_asm-ingressgateway-label.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/asm-policy-v0.0.1/1.1.1_asm-ingressgateway-label.yaml -------------------------------------------------------------------------------- /bundles/asm-policy-v0.0.1/1.1.2_asm-sidecar-injection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/asm-policy-v0.0.1/1.1.2_asm-sidecar-injection.yaml -------------------------------------------------------------------------------- /bundles/asm-policy-v0.0.1/1.2.1_asm-authz-policy-mesh-default-deny.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/asm-policy-v0.0.1/1.2.1_asm-authz-policy-mesh-default-deny.yaml -------------------------------------------------------------------------------- /bundles/asm-policy-v0.0.1/1.2.2_asm-authz-policy-normalization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/asm-policy-v0.0.1/1.2.2_asm-authz-policy-normalization.yaml -------------------------------------------------------------------------------- /bundles/asm-policy-v0.0.1/1.2.3_asm-authz-policy-safe-pattern.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/asm-policy-v0.0.1/1.2.3_asm-authz-policy-safe-pattern.yaml -------------------------------------------------------------------------------- /bundles/asm-policy-v0.0.1/1.3.1_asm-peer-authn-mesh-strict-mtls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/asm-policy-v0.0.1/1.3.1_asm-peer-authn-mesh-strict-mtls.yaml -------------------------------------------------------------------------------- /bundles/asm-policy-v0.0.1/1.3.2_asm-peer-authn-strict-mtls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/asm-policy-v0.0.1/1.3.2_asm-peer-authn-strict-mtls.yaml -------------------------------------------------------------------------------- /bundles/asm-policy-v0.0.1/1.4.1_asm-request-authn-prohibited-output-headers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/asm-policy-v0.0.1/1.4.1_asm-request-authn-prohibited-output-headers.yaml -------------------------------------------------------------------------------- /bundles/asm-policy-v0.0.1/Kptfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/asm-policy-v0.0.1/Kptfile -------------------------------------------------------------------------------- /bundles/asm-policy-v0.0.1/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/asm-policy-v0.0.1/LICENSE -------------------------------------------------------------------------------- /bundles/asm-policy-v0.0.1/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/asm-policy-v0.0.1/README.md -------------------------------------------------------------------------------- /bundles/asm-policy-v0.0.1/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/asm-policy-v0.0.1/kustomization.yaml -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/.krmignore: -------------------------------------------------------------------------------- 1 | kustomization.yaml 2 | -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/5.1.1_restrict-clusteradmin-rolebindings.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/5.1.1_restrict-clusteradmin-rolebindings.yaml -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/5.1.3_prohibit-role-wildcard-access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/5.1.3_prohibit-role-wildcard-access.yaml -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/5.2.1_psp-privileged-container.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/5.2.1_psp-privileged-container.yaml -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/5.2.2-5.2.3_psp-host-namespace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/5.2.2-5.2.3_psp-host-namespace.yaml -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/5.2.4_psp-host-network-ports.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/5.2.4_psp-host-network-ports.yaml -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/5.2.5_psp-allow-privilege-escalation-container.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/5.2.5_psp-allow-privilege-escalation-container.yaml -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/5.2.6_psp-restrict_root_containers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/5.2.6_psp-restrict_root_containers.yaml -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/5.2.7-5.2.8-5.2.9_psp-capabilities.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/5.2.7-5.2.8-5.2.9_psp-capabilities.yaml -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/5.3.2_require-namespace-network-policies.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/5.3.2_require-namespace-network-policies.yaml -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/5.4.1_no-secrets-as-env-vars.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/5.4.1_no-secrets-as-env-vars.yaml -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/5.7.2_seccomp-default.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/5.7.2_seccomp-default.yaml -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/5.7.3_pods-require-security-context.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/5.7.3_pods-require-security-context.yaml -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/Kptfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/Kptfile -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/LICENSE -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/NOTICE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/NOTICE -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/README.md -------------------------------------------------------------------------------- /bundles/cis-k8s-v1.5.1/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/cis-k8s-v1.5.1/kustomization.yaml -------------------------------------------------------------------------------- /bundles/policy-essentials-v2022/.krmignore: -------------------------------------------------------------------------------- 1 | kustomization.yaml 2 | -------------------------------------------------------------------------------- /bundles/policy-essentials-v2022/Kptfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/policy-essentials-v2022/Kptfile -------------------------------------------------------------------------------- /bundles/policy-essentials-v2022/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/policy-essentials-v2022/LICENSE -------------------------------------------------------------------------------- /bundles/policy-essentials-v2022/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/policy-essentials-v2022/README.md -------------------------------------------------------------------------------- /bundles/policy-essentials-v2022/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/policy-essentials-v2022/kustomization.yaml -------------------------------------------------------------------------------- /bundles/policy-essentials-v2022/no-secrets-as-env-vars.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/policy-essentials-v2022/no-secrets-as-env-vars.yaml -------------------------------------------------------------------------------- /bundles/policy-essentials-v2022/pods-require-security-context.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/policy-essentials-v2022/pods-require-security-context.yaml -------------------------------------------------------------------------------- /bundles/policy-essentials-v2022/prohibit-role-wildcard-access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/policy-essentials-v2022/prohibit-role-wildcard-access.yaml -------------------------------------------------------------------------------- /bundles/policy-essentials-v2022/psp-allow-privilege-escalation-container.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/policy-essentials-v2022/psp-allow-privilege-escalation-container.yaml -------------------------------------------------------------------------------- /bundles/policy-essentials-v2022/psp-capabilities.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/policy-essentials-v2022/psp-capabilities.yaml -------------------------------------------------------------------------------- /bundles/policy-essentials-v2022/psp-host-namespace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/policy-essentials-v2022/psp-host-namespace.yaml -------------------------------------------------------------------------------- /bundles/policy-essentials-v2022/psp-host-network-ports.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/policy-essentials-v2022/psp-host-network-ports.yaml -------------------------------------------------------------------------------- /bundles/policy-essentials-v2022/psp-privileged-container.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/policy-essentials-v2022/psp-privileged-container.yaml -------------------------------------------------------------------------------- /bundles/policy-essentials-v2022/psp-restrict_root_containers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/policy-essentials-v2022/psp-restrict_root_containers.yaml -------------------------------------------------------------------------------- /bundles/policy-essentials-v2022/restrict-clusteradmin-rolebindings.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/policy-essentials-v2022/restrict-clusteradmin-rolebindings.yaml -------------------------------------------------------------------------------- /bundles/policy-essentials-v2022/seccomp-default.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/policy-essentials-v2022/seccomp-default.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/.krmignore: -------------------------------------------------------------------------------- 1 | kustomization.yaml 2 | -------------------------------------------------------------------------------- /bundles/psp-v2022/CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/CHANGELOG.md -------------------------------------------------------------------------------- /bundles/psp-v2022/Kptfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/Kptfile -------------------------------------------------------------------------------- /bundles/psp-v2022/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/LICENSE -------------------------------------------------------------------------------- /bundles/psp-v2022/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/README.md -------------------------------------------------------------------------------- /bundles/psp-v2022/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/kustomization.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/psp-allow-privilege-escalation-container.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/psp-allow-privilege-escalation-container.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/psp-apparmor.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/psp-apparmor.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/psp-capabilities.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/psp-capabilities.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/psp-flexvolume-drivers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/psp-flexvolume-drivers.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/psp-forbidden-sysctls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/psp-forbidden-sysctls.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/psp-fsgroup.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/psp-fsgroup.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/psp-host-filesystem.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/psp-host-filesystem.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/psp-host-namespace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/psp-host-namespace.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/psp-host-network-ports.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/psp-host-network-ports.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/psp-pods-allowed-user-ranges.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/psp-pods-allowed-user-ranges.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/psp-privileged-container.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/psp-privileged-container.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/psp-proc-mount.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/psp-proc-mount.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/psp-readonlyrootfilesystem.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/psp-readonlyrootfilesystem.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/psp-seccomp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/psp-seccomp.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/psp-selinux-v2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/psp-selinux-v2.yaml -------------------------------------------------------------------------------- /bundles/psp-v2022/psp-volume-types.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/psp-v2022/psp-volume-types.yaml -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/.krmignore: -------------------------------------------------------------------------------- 1 | kustomization.yaml 2 | -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/Kptfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/pss-baseline-v2022/Kptfile -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/pss-baseline-v2022/LICENSE -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/pss-baseline-v2022/README.md -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/apparmor.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/pss-baseline-v2022/apparmor.yaml -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/capabilities.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/pss-baseline-v2022/capabilities.yaml -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/host-namespaces-host-pid-ipc.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/pss-baseline-v2022/host-namespaces-host-pid-ipc.yaml -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/host-namespaces-hostnetwork.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/pss-baseline-v2022/host-namespaces-hostnetwork.yaml -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/host-ports.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/pss-baseline-v2022/host-ports.yaml -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/hostpath-volumes.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/pss-baseline-v2022/hostpath-volumes.yaml -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/hostprocess.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/pss-baseline-v2022/hostprocess.yaml -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/pss-baseline-v2022/kustomization.yaml -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/privileged-containers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/pss-baseline-v2022/privileged-containers.yaml -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/proc-mount-type.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/pss-baseline-v2022/proc-mount-type.yaml -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/seccomp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/pss-baseline-v2022/seccomp.yaml -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/selinux.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/pss-baseline-v2022/selinux.yaml -------------------------------------------------------------------------------- /bundles/pss-baseline-v2022/sysctls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/bundles/pss-baseline-v2022/sysctls.yaml -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/LICENSE -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/NOTICE: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/README.md -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/control-plane-authority/control_plane_network_connection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/control-plane-authority/control_plane_network_connection.yaml -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/control-plane-authority/control_plane_ssh_logs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/control-plane-authority/control_plane_ssh_logs.yaml -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/control-plane-authority/control_plane_user_managed_keys_must_exist.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/control-plane-authority/control_plane_user_managed_keys_must_exist.yaml -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/control-plane-authority/control_plane_user_managed_keys_must_start_with_project_id.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/control-plane-authority/control_plane_user_managed_keys_must_start_with_project_id.yaml -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/disable_allow_all_traffic_firewals.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/disable_allow_all_traffic_firewals.yaml -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/disable_kubernetes_dashboard.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/disable_kubernetes_dashboard.yaml -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/disable_legacy_abac.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/disable_legacy_abac.yaml -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/enable_cloud_logging.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/enable_cloud_logging.yaml -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/enable_cos_node_pools.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/enable_cos_node_pools.yaml -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/enable_cost_allocation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/enable_cost_allocation.yaml -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/enable_gke_security_posture.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/enable_gke_security_posture.yaml -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/enable_shielded_nodes.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/enable_shielded_nodes.yaml -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/enforce_gke_auto_upgrade.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/enforce_gke_auto_upgrade.yaml -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/enforce_gke_release_channel.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/enforce_gke_release_channel.yaml -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/require_master_authorized_networks.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/require_master_authorized_networks.yaml -------------------------------------------------------------------------------- /gke-custom-org-policy/samples/require_workload_identity.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/gke-policy-library/HEAD/gke-custom-org-policy/samples/require_workload_identity.yaml --------------------------------------------------------------------------------