Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| | 269bd6564b | | |
| | 45d5bf96a4 | | |
| | 786f5b7398 | | |
| | e4e08f236a | | |
@@ -94,14 +94,14 @@ jobs:
|
||||
exit 1
|
||||
fi
|
||||
|
||||
REVIEWER_APPROVED=$(echo "${REVIEWS}" | jq -r --arg user "${REQUIRED_REVIEWER}" \
|
||||
REVIEWER_APPROVED=$(printf '%s' "${REVIEWS}" | jq -r --arg user "${REQUIRED_REVIEWER}" \
|
||||
'[.[] | select(.user.login == $user)] | last | if .state then .state == "APPROVED" else false end')
|
||||
|
||||
echo "${GATE_NAME} (${REQUIRED_REVIEWER}) approved: ${REVIEWER_APPROVED}"
|
||||
|
||||
# Fallback: check if CTO approved as alternative for uat→main
|
||||
if [ "${REVIEWER_APPROVED}" != "true" ] && [ -n "${ALT_REVIEWER}" ]; then
|
||||
REVIEWER_APPROVED=$(echo "${REVIEWS}" | jq -r --arg user "${ALT_REVIEWER}" \
|
||||
REVIEWER_APPROVED=$(printf '%s' "${REVIEWS}" | jq -r --arg user "${ALT_REVIEWER}" \
|
||||
'[.[] | select(.user.login == $user)] | last | if .state then .state == "APPROVED" else false end')
|
||||
if [ "${REVIEWER_APPROVED}" = "true" ]; then
|
||||
echo "CTO (${ALT_REVIEWER}) approved as fallback for UAT gate."
|
||||
|
||||
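Review bot: The jq filter used for both `REQUIRED_REVIEWER` and `ALT_REVIEWER` decides on `last`, so the gate depends on the order of `REVIEWS` and on the reviewer's most recent entry being the approval itself: a later comment-only review from the same user after an approval makes it evaluate to false, and nothing in the visible filter ties the approval to the commit currently under review. Consider selecting that user's latest entry whose state is an approval or a change request, and comparing its commit against the head being gated if the API response includes it. The same filter is also duplicated on two lines; moving it into one shell function taking the login as an argument would keep the primary and fallback checks from drifting apart. The comparison with `"true"` fails closed when jq errors and returns an empty string, which is the right default and worth a short comment.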
@@ -1,24 +0,0 @@
|
||||
# Installation Policy
|
||||
|
||||
## Approved Installation Method
|
||||
|
||||
**The ONLY approved method for installing this plugin is via [Artifact Hub](https://artifacthub.io/) using the Headlamp plugin installer.**
|
||||
|
||||
No other installation method is acceptable. This includes but is not limited to:
|
||||
|
||||
- Direct installation from GitHub release assets
|
||||
- Manual npm pack / tarball extraction
|
||||
- initContainer workarounds that bypass Artifact Hub
|
||||
- Direct file copy or sidecar injection
|
||||
|
||||
## Enforcement
|
||||
|
||||
All deployment configurations, CI/CD pipelines, and documentation MUST reference Artifact Hub as the sole plugin distribution channel. Any pull request that introduces an alternative installation method will be rejected.
|
||||
|
||||
## Rationale
|
||||
|
||||
Artifact Hub provides verified checksums, consistent versioning, and a standard discovery mechanism for the CNCF ecosystem. Bypassing it introduces security and integrity risks.
|
||||
|
||||
---
|
||||
|
||||
*This policy is set by the CTO and approved by the CEO of Privileged Escalation.*
|
||||
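Review bot: Deleting the whole policy file (`@@ -1,24 +0,0 @@`) takes the rule out of the repository's version history and review process, so later changes to it no longer go through the approval gate edited in the same comparison. Before merging, confirm the wiki page linked from the README carries the same text, including the list of disallowed methods and the Rationale section, and consider leaving a short stub file here that points to it so existing links to this path do not break. The Enforcement section states that pull requests introducing another installation method "will be rejected"; if nothing automated backs that up, the commit message or the wiki page should say who checks it.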
@@ -17,6 +17,9 @@ A [Headlamp](https://headlamp.dev/) plugin providing visibility into [kube-vip](
|
||||
|
||||
Search for `kube-vip` in the Headlamp Plugin Manager (Settings → Plugins → Catalog).
|
||||
|
||||
> See [Plugin Installation Policy](https://git.farh.net/privilegedescalation/privilegedescalation.com/wiki/Plugin-Installation-Policy) for approved installation methods.
|
||||
|
||||
|
||||
## Requirements
|
||||
|
||||
- Headlamp >= v0.26
|
||||
|
||||
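Review bot: The added blockquote says "approved installation methods" in the plural, while the policy it replaces allows exactly one method (Artifact Hub via the Headlamp plugin installer); wording such as "the only approved installation method" would keep the README from reading as looser than the policy. The link also points at a wiki on `git.farh.net`, so check that the page is readable without an account for users who reach this README from the plugin catalog, since the in-repo copy is removed in the same set of commits.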