디렉토리 구조 및 각 서비스 추가

helm/openebs/templates/kyverno/allow-privilege-escalation.yaml

@@ -0,0 +1,30 @@
+{{- if .Values.rbac.kyvernoEnabled }}
+apiVersion: kyverno.io/v1
+kind: Policy
+metadata:
+  name: allow-privileged-escalation
+  annotations:
+    policies.kyverno.io/category: Pod Security Standards (Privileged)
+    policies.kyverno.io/severity: medium
+    policies.kyverno.io/subject: Pod
+    policies.kyverno.io/description: >-
+      Privilege escalation, such as via set-user-ID or set-group-ID file mode, should be allowed.
+spec:
+  validationFailureAction: enforce
+  background: true
+  rules:
+    - name: priviledged-escalation
+      match:
+        resources:
+          kinds:
+            - Pod
+      validate:
+        message: >-
+          Privilege escalation is allowed. The fields spec.containers[*].securityContext.allowPrivilegeEscalation 
+          must be defined or set to `true`.
+        pattern:
+          spec:
+            containers:
+              - =(securityContext):
+                  =(allowPrivilegeEscalation): "true"
+{{- end }}