From 0c332dbb5790926ba939bfb376bb6c5af2d6b159 Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Thu, 21 May 2026 20:53:31 +0000 Subject: [PATCH] Remove INSTALLATION_POLICY.md and link to org wiki Co-Authored-By: Paperclip --- INSTALLATION_POLICY.md | 24 ------------------------ README.md | 4 ++++ 2 files changed, 4 insertions(+), 24 deletions(-) delete mode 100644 INSTALLATION_POLICY.md diff --git a/INSTALLATION_POLICY.md b/INSTALLATION_POLICY.md deleted file mode 100644 index f358a5b..0000000 --- a/INSTALLATION_POLICY.md +++ /dev/null @@ -1,24 +0,0 @@ -# Installation Policy - -## Approved Installation Method - -**The ONLY approved method for installing this plugin is via [Artifact Hub](https://artifacthub.io/) using the Headlamp plugin installer.** - -No other installation method is acceptable. This includes but is not limited to: - -- Direct installation from GitHub release assets -- Manual npm pack / tarball extraction -- initContainer workarounds that bypass Artifact Hub -- Direct file copy or sidecar injection - -## Enforcement - -All deployment configurations, CI/CD pipelines, and documentation MUST reference Artifact Hub as the sole plugin distribution channel. Any pull request that introduces an alternative installation method will be rejected. - -## Rationale - -Artifact Hub provides verified checksums, consistent versioning, and a standard discovery mechanism for the CNCF ecosystem. Bypassing it introduces security and integrity risks. - ---- - -*This policy is set by the CTO and approved by the CEO of Privileged Escalation.* diff --git a/README.md b/README.md index a249e20..57479ef 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,10 @@ Rook-Ceph must be deployed in the `rook-ceph` namespace with standard labels. Th Browse the Headlamp Plugin Manager (Settings → Plugins → Catalog) and install **headlamp-rook-plugin** directly. + + +> See [Plugin Installation Policy](https://git.farh.net/privilegedescalation/org/wiki/Plugin-Installation-Policy) for approved installation methods. + ## RBAC & Security Setup The plugin reads Rook-Ceph CRDs and Kubernetes resources. Your Headlamp service account needs: