Development
Development guide
1 - Hub
The Helm charts repository
Portefaix Hub
Portefaix Hub is the Helm charts repository of the Portefaix project.
All charts can be found on Artifact Hub.
2 - Policies
The policies repository
Portefaix Policies contains Kubernetes policies for Kyverno or Open Policy Agent.
Kyverno
PORTEFAIX-C0001 - Container must not use latest image tag
PORTEFAIX-C0002 - Container must set liveness probe
PORTEFAIX-C0003 - Container must set readiness probe
PORTEFAIX-C0004 - Container must mount secrets as volumes, not environment variables
PORTEFAIX-C0005 - Container must drop all capabilities
PORTEFAIX-C0006 - Container must not allow for privilege escalation
PORTEFAIX-C0008 - Container resource constraints must be specified
PORTEFAIX-M0001 - Metadata must set recommended Kubernetes labels
PORTEFAIX-M0002 - Metadata should have a8r.io annotations
PORTEFAIX-M0003 - Metadata should have portefaix.xyz annotations
PORTEFAIX-P0002 - Pod must run without access to the host IPC
PORTEFAIX-P0003 - Pod must run without access to the host networking
PORTEFAIX-P0004 - Pod must run as non-root
PORTEFAIX-P0005 - Pod must run without access to the host PID
Open Policy Agent
PORTEFAIX-C0001: Container must not use latest image tag
PORTEFAIX-C0002: Container must set liveness probe
PORTEFAIX-C0003: Container must set readiness probe
PORTEFAIX-C0004: Container must mount secrets as volumes, not environment variables
PORTEFAIX-C0006: Container must not allow for privilege escalation
PORTEFAIX-C0008: Container must define resource constraints
PORTEFAIX-M0001: Metadata should contain all recommended Kubernetes labels
PORTEFAIX-M0002: Metadata should have a8r.io annotations
PORTEFAIX-M0003: Metadata should have portefaix.xyz annotations
PORTEFAIX-N0001: Disallow Default Namespace
3 - Mixin
Portefaix monitoring mixin
The portefaix-mixin is a collection of reusable and configurable Prometheus alerts and Grafana dashboards.
5 - KRM
Kubernetes Resources Model
KRM can be used to deploy infrastructure on cloud providers.