metadata.yml

rules:
  - apiGroups: [""]
    apiVersions: ["v1"]
    resources: ["pods"]
    operations: ["CREATE", "UPDATE"]
  - apiGroups: [""]
    apiVersions: ["v1"]
    resources: ["replicationcontrollers"]
    operations: ["CREATE", "UPDATE"]
  - apiGroups: ["apps"]
    apiVersions: ["v1"]
    resources: ["deployments", "replicasets", "statefulsets", "daemonsets"]
    operations: ["CREATE", "UPDATE"]
  - apiGroups: ["batch"]
    apiVersions: ["v1"]
    resources: ["jobs", "cronjobs"]
    operations: ["CREATE", "UPDATE"]
mutating: false
contextAware: false
annotations:
  # artifacthub specific
  io.artifacthub.displayName: Trusted Repos
  io.artifacthub.resources: Pod
  io.artifacthub.keywords: image, registry, tag
  # kubewarden specific
  io.kubewarden.policy.ociUrl: ghcr.io/kubewarden/policies/trusted-repos
  io.kubewarden.policy.title: trusted-repos
  io.kubewarden.policy.description: Kubewarden policy that restricts what registries,
    tags and images can pods on your cluster refer to
  io.kubewarden.policy.author: Kubewarden developers <cncf-kubewarden-maintainers@lists.cncf.io>
  io.kubewarden.policy.url: https://github.com/kubewarden/trusted-repos-policy
  io.kubewarden.policy.source: https://github.com/kubewarden/trusted-repos-policy
  io.kubewarden.policy.license: Apache-2.0
  io.kubewarden.policy.category: Secure supply chain
  io.kubewarden.policy.severity: medium