diff --git a/charts/test-krish-globalps/Chart.yaml b/charts/test-krish-globalps/Chart.yaml index 82d4a386..6b31caf7 100644 --- a/charts/test-krish-globalps/Chart.yaml +++ b/charts/test-krish-globalps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: test-krish description: Pod Security Standards (baseline) policy set type: application -version: 0.5.8 +version: 0.5.9 appVersion: 0.1.0 keywords: - kubernetes diff --git a/charts/test-krish-globalps/pols/disallow-host-namespaces.yaml b/charts/test-krish-globalps/pols/disallow-host-namespaces.yaml deleted file mode 100644 index 4d75e3ce..00000000 --- a/charts/test-krish-globalps/pols/disallow-host-namespaces.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-host-namespaces - annotations: - policies.kyverno.io/title: Disallow Host Namespaces - policies.kyverno.io/category: Pod Security Standards (Baseline) - policies.kyverno.io/severity: medium - kyverno.io/kubernetes-version: "1.22-1.23" - policies.kyverno.io/subject: Pod - policies.nirmata.io/remediation-docs: "https://docs.nirmata.io/policysets/podsecurity/baseline/disallow-host-namespaces/" - policies.nirmata.io/remediation: "https://github.com/nirmata/kyverno-policies/tree/main/pod-security/baseline/disallow-host-namespaces/remediate-disallow-host-namespaces.yaml" - policies.kyverno.io/description: >- - Host namespaces (Process ID namespace, Inter-Process Communication namespace, and - network namespace) allow access to shared information and can be used to elevate - privileges. Pods should not be allowed access to host namespaces. This policy ensures - fields which make use of these host namespaces are unset or set to `false`. -spec: - validationFailureAction: Audit - background: true - rules: - - name: host-namespaces - match: - any: - - resources: - kinds: - - Pod - validate: - message: >- - Sharing the host namespaces is disallowed. - pattern: - spec: - =(hostPID): "false" - =(hostIPC): "false" - =(hostNetwork): "false"