check-compliance-policy and check-imagie-FIPS added #188

sratslla · 2025-02-21T13:42:13Z

check-compliance-policy and check-imagie-FIPS-compliant added

Signed-off-by: sratslla <[email protected]>

anusha94 · 2025-02-25T13:06:40Z

tetrate/check-compliance-policy/check-compliance-policy.yaml

+            template:
+              spec:
+                containers:
+                  - name: discovery


Is the container name guaranteed to be discovery?

anusha94 · 2025-02-25T13:08:27Z

tetrate/check-compliance-policy/check-compliance-policy.yaml

+              kinds:
+                - Deployment
+              namespaces:
+                - istio-system


You should also add the match for istiod Deployment

Also maybe a good idea to write the check for Pod instead

anusha94 · 2025-02-25T13:10:30Z

tetrate/check-image-FIPS-compliant copy/check-image-FIPS-compliant.yaml

+          - resources:
+              kinds:
+                - Pod
+                - Deployment


We should probably write the check only for Pod. Other controllers will be handled by auto-gen rules.

sratslla · 2025-02-25T13:37:13Z

I will fix these and add the rest of the policies I have been working on in this PR by EOD.

check-compliance-policy and check-imagie-FIPS added

4403f21

Signed-off-by: sratslla <[email protected]>

anusha94 reviewed Feb 25, 2025

View reviewed changes

sratslla marked this pull request as draft February 25, 2025 13:36

Provide feedback