diff --git a/charts/test-krish-globalps/Chart.yaml b/charts/test-krish-globalps/Chart.yaml index 905db479..f6a4ac9a 100644 --- a/charts/test-krish-globalps/Chart.yaml +++ b/charts/test-krish-globalps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: test-krish description: Pod Security Standards (baseline) policy set type: application -version: 0.5.18 +version: 0.5.19 appVersion: 0.1.0 keywords: - kubernetes diff --git a/charts/test-krish-globalps/pols/restrict-apparmor-profiles.yaml b/charts/test-krish-globalps/pols/restrict-apparmor-profiles.yaml deleted file mode 100644 index b3ad4f02..00000000 --- a/charts/test-krish-globalps/pols/restrict-apparmor-profiles.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: restrict-apparmor-profiles - annotations: - policies.kyverno.io/title: Restrict AppArmor - policies.kyverno.io/category: Pod Security Standards (Baseline) - policies.kyverno.io/severity: medium - policies.kyverno.io/subject: Pod, Annotation - policies.kyverno.io/minversion: 1.3.0 - kyverno.io/kubernetes-version: "1.22-1.23" - policies.nirmata.io/remediation-docs: "https://docs.nirmata.io/policysets/podsecurity/baseline/restrict-apparmor-profiles/" - policies.kyverno.io/description: >- - On supported hosts, the 'runtime/default' AppArmor profile is applied by default. - The default policy should prevent overriding or disabling the policy, or restrict - overrides to an allowed set of profiles. This policy ensures Pods do not - specify any other AppArmor profiles than `runtime/default` or `localhost/*`. -spec: - validationFailureAction: Audit - background: true - rules: - - name: app-armor - match: - any: - - resources: - kinds: - - Pod - validate: - message: >- - Specifying other AppArmor profiles is disallowed. - pattern: - =(metadata): - =(annotations): - =(container.apparmor.security.beta.kubernetes.io/*): "runtime/default | localhost/*"