Create PSP `host-namespaces` policy

[flavio]

Write a Kubewarden policy that implements the host namespaces psp.

Configuration

allowHostPID: true
allowHostIPC: false
allowHostNetwork: false
allowedHostPortRange: [1024, 2048]

Default behaviour of the configuration knobs

• hostPID and hostIPC and hostNetwork: they are all false
• allowedHostPortRange: when empty, no host port can be used

Settings validation:

• allowedHostPortRange: this is an array that must have only two values. The first value is the minimum, the second is the maximum. Obviously minimum cannot be major than maximum

[ereslibre]

On PodSecurityPolicies the allowed host port range is a list of ranges, such as:

  hostPorts:
  - min: 0
    max: 65535

This policy could allow this instead of the proposed settings, by allowing a list of allowedHostPortRanges, such as:

allowedHostPortRanges:
  - portMin: 80
    portMax: 443
  - portMin: 8000
    portMax: 8443

in a single policy instance.

[ereslibre]

~@flavio do we want to add allowedHostPaths as well on this policy?~

NVM, just saw https://github.com/kubewarden/policy-hub/issues/26, sorry.

[ereslibre]

Implemented in https://github.com/kubewarden/psp-host-namespaces.

The only remaining bit is the notifying of the policy hub.