-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathfilters.example.json
More file actions
30 lines (30 loc) · 931 Bytes
/
filters.example.json
File metadata and controls
30 lines (30 loc) · 931 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
{
"volumes": {
"allowed_names": ["^data-.*", "^app-.*"],
"denied_names": ["^system-.*"],
"allowed_paths": ["^/data/.*", "^/mnt/volumes/.*"],
"denied_paths": ["^/etc/.*", "^/root/.*", "^/home/.*"],
"allowed_drivers": ["local", "nfs"]
},
"containers": {
"allowed_images": ["^docker.io/.*", "^myregistry.com/.*"],
"denied_images": [".*:latest$"],
"allowed_names": ["^prod-.*", "^staging-.*"],
"require_labels": {
"env": "production"
},
"deny_privileged": true,
"deny_host_network": true
},
"networks": {
"allowed_names": ["^app-.*", "^service-.*"],
"denied_names": ["^host$"],
"allowed_drivers": ["bridge", "overlay"]
},
"images": {
"allowed_repos": ["^docker.io/library/.*", "^myregistry.com/.*"],
"denied_repos": [".*untrusted.*"],
"allowed_tags": ["^v[0-9]+\\.[0-9]+\\.[0-9]+$", "^stable$"],
"denied_tags": ["^latest$", "^dev$"]
}
}