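# Install cert-manager first; it is applied here as a prerequisite for the
# Kubewarden charts below.
# NOTE: `releases/latest` is a moving target and the manifest creates
# cluster-wide CRDs, RBAC and webhooks. For anything beyond a throwaway demo,
# pin a specific release and review the manifest before applying it.
kubectl apply -f https://github.com/jetstack/cert-manager/releases/latest/download/cert-manager.yaml

# Wait until every cert-manager Deployment is Available. Otherwise the
# controller install below can race the cert-manager webhook and fail.
kubectl wait --for=condition=Available deployment --timeout=2m -n cert-manager --all

# Add the Kubewarden chart repository.
helm repo add kubewarden https://charts.kubewarden.io

# Install CRDs, then the controller, then the default PolicyServer.
# Chart versions are not pinned here; add `--version` to each command for
# reproducible installs.
helm install --wait -n kubewarden --create-namespace kubewarden-crds kubewarden/kubewarden-crds
helm install --wait -n kubewarden kubewarden-controller kubewarden/kubewarden-controller
helm install --wait -n kubewarden kubewarden-defaults kubewarden/kubewarden-defaults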
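---
# Demo workload: one SLE 15 container that sleeps for an hour so you can exec
# into it and inspect its Linux capabilities.
apiVersion: apps/v1
kind: Deployment
metadata:
  # No namespace is set, so this lands in the current kubectl context's
  # namespace. The AdmissionPolicy on this page is scoped to `default`, so
  # deploy there for the policy to apply.
  name: bci-sle15
  labels:
    app: sle15
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: sle15
  template:
    metadata:
      labels:
        app: sle15
    spec:
      containers:
        - name: sle15
          # NOTE: `latest` is a mutable tag, and with IfNotPresent a node
          # keeps whatever image it has cached under that tag. Pin a version
          # tag or digest outside of a demo.
          image: registry.suse.com/suse/sle15:latest
          imagePullPolicy: IfNotPresent
          # No securityContext is set, so the container gets the runtime's
          # default capability set (which typically includes NET_RAW).
          command: ['sh', '-c', 'echo Container 1 is Running ; sleep 3600']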
# Run inside the container: libcap-progs provides `capsh`.
zypper install -y libcap-progs

# Decode this shell's effective capability mask (CapEff) and highlight
# net_raw. Without the policy applied, cap_net_raw is expected in the output.
# CapEff reflects the current process only; for a non-root shell, CapBnd is
# the more telling field.
capsh --decode="$( grep CapEff /proc/$$/status | cut -d : -f 2 | xargs )" \
  | GREP_COLOR='01;31' grep --color=auto net_raw
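---
# Namespaced Kubewarden policy: applies only to resources admitted into the
# `default` namespace.
apiVersion: policies.kubewarden.io/v1alpha2
kind: AdmissionPolicy
metadata:
  name: drop-cap-net-raw
  namespace: default
spec:
  policyServer: default
  # The module is pinned by tag. Tags can be re-pointed, so a digest reference
  # gives stronger integrity guarantees.
  module: registry://ghcr.io/kubewarden/policies/psp-capabilities:v0.1.7
  rules:
    # NOTE(review): `deployments` belongs to the `apps` API group, so a rule
    # limited to the core group ("") only ever matches `pods`. Pods created
    # from a Deployment are still covered, because they are admitted as Pods.
    - apiGroups: [""]
      apiVersions: ["v1"]
      resources:
        - pods
        - deployments
      operations:
        - CREATE
        - UPDATE
  # Mutating: the policy may rewrite the incoming object rather than only
  # accept or reject it. Admission runs on CREATE/UPDATE only, so Pods that
  # are already running keep their capabilities until they are recreated.
  mutating: true
  settings:
    required_drop_capabilities:
      - NET_RAW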
# Run inside a Pod created after the policy was applied (a fresh container,
# so `capsh` has to be installed again).
zypper install -y libcap-progs

# Print the full decoded effective capability set. With the policy in force,
# cap_net_raw should no longer appear in the list.
capsh --decode="$( grep CapEff /proc/$$/status | cut -d : -f 2 | xargs )"