Development

Development guide

1 - Hub

The Helm charts repository

Portefaix Hub is the Helm charts repository of the Portefaix project.

All charts could be find on Artifact Hub

The policies repository

PORTEFAIX-C0001 - Container must not use latest image tag
PORTEFAIX-C0002 - Container must set liveness probe
PORTEFAIX-C0003 - Container must set readiness probe
PORTEFAIX-C0004 - Container must mount secrets as volumes, not enviroment variables
PORTEFAIX-C0005 - Container must drop all capabilities
PORTEFAIX-C0006 - Container must not allow for privilege escalation
PORTEFAIX-C0008 - Container resource constraints must be specified
PORTEFAIX-M0001 - Metadata must set recommanded Kubernetes labels
PORTEFAIX-M0002 - Metadata should have a8r.io annotations
PORTEFAIX-M0003 - Metadata should have portefaix.xyz annotations
PORTEFAIX-P0002 - Pod must run without access to the host IPC
PORTEFAIX-P0003 - Pod must run without access to the host networking
PORTEFAIX-P0004 - Pod must run as non-root
PORTEFAIX-P0005 - Pod must run without access to the host PID

PORTEFAIX-C0001: Container must not use latest image tag
PORTEFAIX-C0002: Container must set liveness probe
PORTEFAIX-C0003: Container must set readiness probe
PORTEFAIX-C0004: Container must mount secrets as volumes, not enviroment variables
PORTEFAIX-C0006: Container must not allow for privilege escalation
PORTEFAIX-C0008: Container must define resource contraintes
PORTEFAIX-M0001: Metadata should contain all recommanded Kubernetes labels
PORTEFAIX-M0002: Metadata should have a8r.io annotations
PORTEFAIX-M0003: Metadata should have portefaix.xyz annotations
PORTEFAIX-N0001: Disallow Default Namespace

Portefaix monitoring mixin

The portefaix-mixin is a collection of reusable and configurable Prometheus alerts, and Grafana dashboards.