sa_8001/dsk-devops-toolchains
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6074d4cfb1afbb5483c46a501f05a9755abb7041
dsk-devops-toolchains/helm/openebs/templates/kyverno/allow-privileged-containers.yaml
dsk-minchulahn d601d0f259 디렉토리 구조 및 각 서비스 추가
2024-01-03 17:29:11 +09:00

30 lines
897 B
YAML
Raw Blame History

{{- if .Values.rbac.kyvernoEnabled }}
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: allow-privileged-containers
annotations:
policies.kyverno.io/category: Pod Security Standards (Privileged)
policies.kyverno.io/severity: medium
policies.kyverno.io/subject: Pod
policies.kyverno.io/description: >-
Privileged policies only allow the OpenEBS containers to use privileged mode.
spec:
validationFailureAction: enforce
background: true
rules:
- name: priviledged-containers
match:
resources:
kinds:
- Pod
validate:
message: >-
Privileged mode is allowed. The fields spec.containers[*].securityContext.privileged
must be defined or set to true.
pattern:
spec:
containers:
- =(securityContext):
=(privileged): "true"
{{- end }}
Reference in New Issue View Git Blame Copy Permalink