loft-sh / jspolicy

jsPolicy - Easier & Faster Kubernetes Policies using JavaScript or TypeScript
https://www.jspolicy.com
Apache License 2.0
367 stars 36 forks source link

Create policy library #113

Open AndresPinerosZen opened 10 months ago

AndresPinerosZen commented 10 months ago

It would be nice if instead of having an "examples" folder there was a folder with actual implementation of the common rules that competitors already have. Things like "Don't allow the latest tag in any PodTemplate/JobTemplate (Deployment, Job, CronJob, Statefulset...) container image".

Having a library of rules for commonly used policies is an incentive for people to adopt the project.

This would also help people compare the difficulty of writing policies in Rego vs JSPolicy. Having a mapping between common OPA policies and their JSPolicy counterpart would help to demonstrate the "Easier & Faster policies" point.

FabianKramm commented 10 months ago

Thanks for the issue @AndresPinerosZen! Yeah thats a good idea, we are currently pretty short staffed on JsPolicy, so if somebody wants to create a couple of common rules, we would be more than happy to merge that PR!

epasham commented 7 months ago

Can we create a Policy-Library directory place holder for storing the examples. we will build the rules for all the examples from OPA library so that people have choice to chose between jspolicy and other policy management tools

epasham commented 7 months ago

I have picked up below 10 references from OPA library, we will convert them jspolicy compatible and then will check into the repo BlockNodePort Service Type BlockLoadBalancer Service Type AllowedRepos DisAllowedRepos DisAllowedTags ReplicaLimits RequiredLabels RequiredAnnotations RequiredProbes AllowedStorageClass

epasham commented 7 months ago

Added policy libray and included below samples BlockNodePort Service Type BlockLoadBalancer Service Type AllowedRepos

Submitted the pull request. please review and merge it. will be adding more samples from the list above