ed882b533f
Kyverno is a policy engine designed for Kubernetes that will be used to make sure Kubernetes resources are compliant to a defined set of rules. For example, a rule can be implemented in Kyverno stating that no containers can run as privileged. Kyverno would then block Kubernetes resources from being created or updated that violate this rule (if in enforce mode). Kyverno also has auditing capability that scans existing resources and creates compliance reports at the namespace level. Kyverno via its CLI (kyverno apply command), also allows scans of resource definitions(yaml) to report violations that may exists without the need of creating or updating a resource. This could be useful down the line if there is a desire to create a CI gate to test a incoming change for policy violations - essentially pushing the testing to the left as opposed to getting policy violation feedback when the Kubernetes admission controller is invoked. Change-Id: Ie8537fa625a6508211aa17f929c5803773a8fda5
Airship Charts
The Airship charts repository is home to a collection of
Helm charts developed and maintained by the Airship community, generally
for Airship- or Airship-adjacent use cases.
To learn more about the Airship 2.0 evolution, reference the Airship blog series.
Contributing
The Airship team prefers to use upstream Helm charts, maintained by
the deployed projects themselves, as much as possible. Therefore, charts
are only added to this charts repo when truly needed. Our
community practice is to propose and defend the need for a new chart in
our weekly IRC meeting (mirrored in our Slack channel). Please bring a
new chart up in that forum prior to pushing a patchset to add it.
To get looped into our team meetings and community, please visit the Airship wiki, and read our developer guide to begin contributing.
We also encourage new contributors and operators alike to join us in our Slack workspace and subscribe to our mailing lists.