Initial commit

2025-11-29 17:51:02 +08:00
commit ff1f4bd119
252 changed files with 72682 additions and 0 deletions
--- a/skills/compliance/policy-opa/assets/k8s-constraint.yaml
+++ b/skills/compliance/policy-opa/assets/k8s-constraint.yaml
@@ -0,0 +1,20 @@
+apiVersion: constraints.gatekeeper.sh/v1beta1
+kind: K8sPodSecurity
+metadata:
+  name: pod-security-policy
+spec:
+  match:
+    kinds:
+      - apiGroups: [""]
+        kinds: ["Pod"]
+    namespaces:
+      - "production"
+      - "staging"
+    excludedNamespaces:
+      - "kube-system"
+      - "gatekeeper-system"
+  parameters:
+    allowPrivileged: false
+    allowHostNamespace: false
+    allowedCapabilities:
+      - "NET_BIND_SERVICE"  # Allow binding to privileged ports