diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 03bedbc0e..d240b81a6 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -50,7 +50,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4
+ uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -60,7 +60,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
- uses: github/codeql-action/autobuild@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4
+ uses: github/codeql-action/autobuild@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
# âšī¸ Command-line programs to run using the OS shell.
# đ See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -73,6 +73,6 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4
+ uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
with:
category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 104d2718a..92d358bc1 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -24,4 +24,4 @@ jobs:
- name: 'Checkout Repository'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: 'Dependency Review'
- uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0
+ uses: actions/dependency-review-action@9f45b2463b475767b61721ccfef113fef513e6aa # v3.1.1
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index a5f66ed3c..53fec756d 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -41,7 +41,7 @@ jobs:
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0
+ uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
with:
results_file: results.sarif
results_format: sarif
@@ -71,6 +71,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4
+ uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
with:
sarif_file: results.sarif
diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index c59c40bd8..e515d5184 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -65,7 +65,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
- gatekeeper: [ "release-3.13", "release-3.12" ]
+ gatekeeper: [ "release-3.13", "release-3.14" ]
name: "Integration test on Gatekeeper ${{ matrix.gatekeeper }}"
steps:
- name: Harden Runner
diff --git a/scripts/website/generate.go b/scripts/website/generate.go
index 62496ed03..fd0d6b9e9 100644
--- a/scripts/website/generate.go
+++ b/scripts/website/generate.go
@@ -10,6 +10,7 @@ import (
"strings"
"gopkg.in/yaml.v3"
+ "k8s.io/utils/strings/slices"
)
const (
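Review bot: The added import `k8s.io/utils/strings/slices` brings a Kubernetes utility module into the website generator for what the later hunk uses as a single `Contains` call over the one-element `skipExampleKinds` list. go.mod is not visible in this diff, so the module may already be required; if it is not, this widens the script's dependency set for very little gain. If the module targets Go 1.21 or newer, the standard library `slices.Contains` has the same call shape for a `[]string`. Otherwise a small local helper keeps the script free of the extra module.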
@@ -28,6 +29,9 @@ const (
mutationPattern = `(\s*)(type:\s+'category',\s+label:\s+'Mutation',\s+collapsed:\s+true,\s+items:\s*\[\s)(\s*)([^\]]*,)`
)
+// Skip including examples for the following Kinds.
+var skipExampleKinds = []string{"AdmissionReview"}
+
// Suite ...
// ToDo (nilekh): Get this struct from the Gatekeeper repo.
type Suite struct {
@@ -140,7 +144,20 @@ func main() {
fmt.Println("error while reading ", testCase.Object)
panic(err)
}
- examples += fmt.Sprintf("\n%s
\n\n```yaml\n%s\n```\n\nUsage\n\n```shell\nkubectl apply -f %s\n```\n\n \n", testCase.Name, exampleContent, exampleRawURL)
+
+ exampleResource := make(map[string]interface{})
+ err = yaml.Unmarshal(exampleContent, &exampleResource)
+ if err != nil {
+ fmt.Printf("error while unmarshaling: %v", exampleRawURL)
+ panic(err)
+ }
+
+ if exampleKind, ok := exampleResource["kind"].(string); !ok {
+ fmt.Printf("error while parsing kind: %v", exampleRawURL)
+ panic(err)
+ } else if !slices.Contains(skipExampleKinds, exampleKind) {
+ examples += fmt.Sprintf("\n%s
\n\n```yaml\n%s\n```\n\nUsage\n\n```shell\nkubectl apply -f %s\n```\n\n \n", testCase.Name, exampleContent, exampleRawURL)
+ }
}
allExamples += fmt.Sprintf("\n%s
\n\n%s\n%s\n\n
", test.Name, constraintExample, examples)
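Review bot: In the `!ok` branch of the kind check, `panic(err)` is reached with `err` already known to be nil, because the unmarshal check just above panics on any non-nil value. The panic therefore carries no cause, and on Go 1.21+ it surfaces as a `runtime.PanicNilError`. Panic with a message that names the file instead, e.g. `panic(fmt.Sprintf("example %s has no string \"kind\" field", exampleRawURL))`. The two new `fmt.Printf` calls also lack a trailing `\n`, so their text runs straight into the panic output; the existing code just above uses `fmt.Println`. `main` starts and ends outside this hunk.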
diff --git a/website/docs/validation/allow-privilege-escalation.md b/website/docs/validation/allow-privilege-escalation.md
index 765425505..880f4fee3 100644
--- a/website/docs/validation/allow-privilege-escalation.md
+++ b/website/docs/validation/allow-privilege-escalation.md
@@ -222,37 +222,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/allow-privilege-escalation/samples/psp-allow-privilege-escalation-container/disallowed_ephemeral.yaml
```
-
-
-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: nginx-privilege-escalation-disallowed
- labels:
- app: nginx-privilege-escalation
- spec:
- containers:
- - name: nginx
- image: nginx
- securityContext:
- allowPrivilegeEscalation: true
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/allow-privilege-escalation/samples/psp-allow-privilege-escalation-container/update.yaml
-```
-
diff --git a/website/docs/validation/automount-serviceaccount-token.md b/website/docs/validation/automount-serviceaccount-token.md
index 9876ba1aa..a8a7d03db 100644
--- a/website/docs/validation/automount-serviceaccount-token.md
+++ b/website/docs/validation/automount-serviceaccount-token.md
@@ -161,36 +161,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/general/automount-serviceaccount-token/samples/automount-serviceaccount-token/example_disallowed.yaml
```
-
-
-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: nginx-automountserviceaccounttoken-update
- labels:
- app: nginx-automountserviceaccounttoken
- spec:
- automountServiceAccountToken: true
- containers:
- - name: nginx
- image: nginx
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/general/automount-serviceaccount-token/samples/automount-serviceaccount-token/update.yaml
-```
-
diff --git a/website/docs/validation/capabilities.md b/website/docs/validation/capabilities.md
index bb6d86f4d..33a9430da 100644
--- a/website/docs/validation/capabilities.md
+++ b/website/docs/validation/capabilities.md
@@ -317,46 +317,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/capabilities/samples/capabilities-demo/disallowed_ephemeral.yaml
```
-
-
-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: opa-disallowed
- labels:
- owner: me.agilebank.demo
- spec:
- containers:
- - name: opa
- image: openpolicyagent/opa:0.9.2
- args:
- - "run"
- - "--server"
- - "--addr=localhost:8080"
- securityContext:
- capabilities:
- add: ["disallowedcapability"]
- resources:
- limits:
- cpu: "100m"
- memory: "30Mi"
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/capabilities/samples/capabilities-demo/update.yaml
-```
-
diff --git a/website/docs/validation/ephemeralstoragelimit.md b/website/docs/validation/ephemeralstoragelimit.md
index 83e219488..c44abbbe6 100644
--- a/website/docs/validation/ephemeralstoragelimit.md
+++ b/website/docs/validation/ephemeralstoragelimit.md
@@ -471,44 +471,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/general/ephemeralstoragelimit/samples/container-must-have-ephemeral-storage-limit/example_disallowed_ephemeral_storage_limit_1Pi-initContainer.yaml
```
-
-
-ephemeral-storage-limit-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: opa-allowed
- labels:
- owner: me.agilebank.demo
- spec:
- containers:
- - name: opa
- image: openpolicyagent/opa:0.9.2
- args:
- - "run"
- - "--server"
- - "--addr=localhost:8080"
- resources:
- limits:
- cpu: "100m"
- memory: "1Gi"
- ephemeral-storage: "1Pi"
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/general/ephemeralstoragelimit/samples/container-must-have-ephemeral-storage-limit/update.yaml
-```
-
diff --git a/website/docs/validation/flexvolume-drivers.md b/website/docs/validation/flexvolume-drivers.md
index 04d28cec3..423aa049f 100644
--- a/website/docs/validation/flexvolume-drivers.md
+++ b/website/docs/validation/flexvolume-drivers.md
@@ -184,43 +184,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/flexvolume-drivers/samples/psp-flexvolume-drivers/example_disallowed.yaml
```
-
-
-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: nginx-flexvolume-driver-disallowed
- labels:
- app: nginx-flexvolume-driver
- spec:
- containers:
- - name: nginx
- image: nginx
- volumeMounts:
- - mountPath: /test
- name: test-volume
- readOnly: true
- volumes:
- - name: test-volume
- flexVolume:
- driver: "example/testdriver" #"example/lvm"
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/flexvolume-drivers/samples/psp-flexvolume-drivers/update.yaml
-```
-
diff --git a/website/docs/validation/forbidden-sysctls.md b/website/docs/validation/forbidden-sysctls.md
index 1b5b4a27c..0891bc036 100644
--- a/website/docs/validation/forbidden-sysctls.md
+++ b/website/docs/validation/forbidden-sysctls.md
@@ -208,41 +208,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/forbidden-sysctls/samples/psp-forbidden-sysctls/example_allowed.yaml
```
-
-
-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: nginx-forbidden-sysctls-disallowed
- labels:
- app: nginx-forbidden-sysctls
- spec:
- containers:
- - name: nginx
- image: nginx
- securityContext:
- sysctls:
- - name: kernel.msgmax
- value: "65536"
- - name: net.core.somaxconn
- value: "1024"
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/forbidden-sysctls/samples/psp-forbidden-sysctls/update.yaml
-```
-
diff --git a/website/docs/validation/fsgroup.md b/website/docs/validation/fsgroup.md
index 6a35e43c0..cc96a5599 100644
--- a/website/docs/validation/fsgroup.md
+++ b/website/docs/validation/fsgroup.md
@@ -216,42 +216,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/fsgroup/samples/psp-fsgroup/example_allowed.yaml
```
-
-
-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: fsgroup-disallowed
- spec:
- securityContext:
- fsGroup: 2000 # directory will have group ID 2000
- volumes:
- - name: fsgroup-demo-vol
- emptyDir: {}
- containers:
- - name: fsgroup-demo
- image: busybox
- command: [ "sh", "-c", "sleep 1h" ]
- volumeMounts:
- - name: fsgroup-demo-vol
- mountPath: /data/demo
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/fsgroup/samples/psp-fsgroup/update.yaml
-```
-
diff --git a/website/docs/validation/host-filesystem.md b/website/docs/validation/host-filesystem.md
index cd7430a09..e709f76e8 100644
--- a/website/docs/validation/host-filesystem.md
+++ b/website/docs/validation/host-filesystem.md
@@ -292,43 +292,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/host-filesystem/samples/psp-host-filesystem/disallowed_ephemeral.yaml
```
-
-
-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: nginx-host-filesystem
- labels:
- app: nginx-host-filesystem-disallowed
- spec:
- containers:
- - name: nginx
- image: nginx
- volumeMounts:
- - mountPath: /cache
- name: cache-volume
- readOnly: true
- volumes:
- - name: cache-volume
- hostPath:
- path: /tmp # directory location on host
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/host-filesystem/samples/psp-host-filesystem/update.yaml
-```
-
diff --git a/website/docs/validation/host-namespaces.md b/website/docs/validation/host-namespaces.md
index 0c433062e..26c35ce8c 100644
--- a/website/docs/validation/host-namespaces.md
+++ b/website/docs/validation/host-namespaces.md
@@ -150,37 +150,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/host-namespaces/samples/psp-host-namespace/example_disallowed.yaml
```
-
-
-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: nginx-host-namespace-disallowed
- labels:
- app: nginx-host-namespace
- spec:
- hostPID: true
- hostIPC: true
- containers:
- - name: nginx
- image: nginx
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/host-namespaces/samples/psp-host-namespace/update.yaml
-```
-
diff --git a/website/docs/validation/host-network-ports.md b/website/docs/validation/host-network-ports.md
index 373d1ab3f..1debe644c 100644
--- a/website/docs/validation/host-network-ports.md
+++ b/website/docs/validation/host-network-ports.md
@@ -250,39 +250,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/host-network-ports/samples/psp-host-network-ports/disallowed_ephemeral.yaml
```
-
-
-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: nginx-host-networking-ports-disallowed
- labels:
- app: nginx-host-networking-ports
- spec:
- hostNetwork: true
- containers:
- - name: nginx
- image: nginx
- ports:
- - containerPort: 9001
- hostPort: 9001
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/host-network-ports/samples/psp-host-network-ports/update.yaml
-```
-
diff --git a/website/docs/validation/privileged-containers.md b/website/docs/validation/privileged-containers.md
index ef596bbde..fe56c7d8b 100644
--- a/website/docs/validation/privileged-containers.md
+++ b/website/docs/validation/privileged-containers.md
@@ -215,37 +215,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/privileged-containers/samples/psp-privileged-container/disallowed_ephemeral.yaml
```
-
-
-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: nginx-privileged-disallowed
- labels:
- app: nginx-privileged
- spec:
- containers:
- - name: nginx
- image: nginx
- securityContext:
- privileged: true
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/privileged-containers/samples/psp-privileged-container/update.yaml
-```
-
diff --git a/website/docs/validation/proc-mount.md b/website/docs/validation/proc-mount.md
index e792ff25b..2fd4cf590 100644
--- a/website/docs/validation/proc-mount.md
+++ b/website/docs/validation/proc-mount.md
@@ -262,37 +262,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/proc-mount/samples/psp-proc-mount/disallowed_ephemeral.yaml
```
-
-
-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: nginx-proc-mount-disallowed
- labels:
- app: nginx-proc-mount
- spec:
- containers:
- - name: nginx
- image: nginx
- securityContext:
- procMount: Unmasked #Default
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/proc-mount/samples/psp-proc-mount/update.yaml
-```
-
diff --git a/website/docs/validation/read-only-root-filesystem.md b/website/docs/validation/read-only-root-filesystem.md
index cefd32931..f87b6d817 100644
--- a/website/docs/validation/read-only-root-filesystem.md
+++ b/website/docs/validation/read-only-root-filesystem.md
@@ -225,37 +225,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/read-only-root-filesystem/samples/psp-readonlyrootfilesystem/disallowed_ephemeral.yaml
```
-
-
-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: nginx-readonlyrootfilesystem-disallowed
- labels:
- app: nginx-readonlyrootfilesystem
- spec:
- containers:
- - name: nginx
- image: nginx
- securityContext:
- readOnlyRootFilesystem: false
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/read-only-root-filesystem/samples/psp-readonlyrootfilesystem/update.yaml
-```
-
diff --git a/website/docs/validation/requiredprobes.md b/website/docs/validation/requiredprobes.md
index 4561c24f7..d9c6ea4cc 100644
--- a/website/docs/validation/requiredprobes.md
+++ b/website/docs/validation/requiredprobes.md
@@ -255,55 +255,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/general/requiredprobes/samples/must-have-probes/example_disallowed2.yaml
```
-
-
-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: test-pod1
- spec:
- containers:
- - name: nginx-1
- image: nginx:1.7.9
- ports:
- - containerPort: 80
- livenessProbe:
- # tcpSocket:
- # port: 80
- # initialDelaySeconds: 5
- # periodSeconds: 10
- volumeMounts:
- - mountPath: /tmp/cache
- name: cache-volume
- - name: tomcat
- image: tomcat
- ports:
- - containerPort: 8080
- readinessProbe:
- tcpSocket:
- port: 8080
- initialDelaySeconds: 5
- periodSeconds: 10
- volumes:
- - name: cache-volume
- emptyDir: {}
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/general/requiredprobes/samples/must-have-probes/update.yaml
-```
-
diff --git a/website/docs/validation/selinux.md b/website/docs/validation/selinux.md
index f44f5588a..3c33766b5 100644
--- a/website/docs/validation/selinux.md
+++ b/website/docs/validation/selinux.md
@@ -284,41 +284,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/selinux/samples/psp-selinux-v2/disallowed_ephemeral.yaml
```
-
-
-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: nginx-selinux-disallowed
- labels:
- app: nginx-selinux
- spec:
- containers:
- - name: nginx
- image: nginx
- securityContext:
- seLinuxOptions:
- level: s1:c234,c567
- user: sysadm_u
- role: sysadm_r
- type: svirt_lxc_net_t
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/selinux/samples/psp-selinux-v2/update.yaml
-```
-
diff --git a/website/docs/validation/users.md b/website/docs/validation/users.md
index 69d592ca8..0b1ddfb77 100644
--- a/website/docs/validation/users.md
+++ b/website/docs/validation/users.md
@@ -450,42 +450,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/users/samples/psp-pods-allowed-user-ranges/disallowed_ephemeral.yaml
```
-
-
-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: nginx-users-disallowed
- labels:
- app: nginx-users
- spec:
- securityContext:
- supplementalGroups:
- - 250
- fsGroup: 250
- containers:
- - name: nginx
- image: nginx
- securityContext:
- runAsUser: 250
- runAsGroup: 250
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/users/samples/psp-pods-allowed-user-ranges/update.yaml
-```
-
diff --git a/website/docs/validation/volumes.md b/website/docs/validation/volumes.md
index b2ed0f55d..f2b8042bd 100644
--- a/website/docs/validation/volumes.md
+++ b/website/docs/validation/volumes.md
@@ -194,49 +194,6 @@ Usage
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/volumes/samples/psp-volume-types/example_allowed.yaml
```
-
-
-update
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
- operation: "UPDATE"
- object:
- apiVersion: v1
- kind: Pod
- metadata:
- name: nginx-volume-types-disallowed
- labels:
- app: nginx-volume-types
- spec:
- containers:
- - name: nginx
- image: nginx
- volumeMounts:
- - mountPath: /cache
- name: cache-volume
- - name: nginx2
- image: nginx
- volumeMounts:
- - mountPath: /cache2
- name: demo-vol
- volumes:
- - name: cache-volume
- hostPath:
- path: /tmp # directory location on host
- - name: demo-vol
- emptyDir: {}
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/volumes/samples/psp-volume-types/update.yaml
-```
-