From d62ac31b110014fca348b6473c254cb088b6db4c Mon Sep 17 00:00:00 2001
From: krishbajaj1609
Date: Tue, 4 Jun 2024 20:59:23 +0530
Subject: [PATCH] feature/global-policy-set : upgrade version for test
---
 charts/test-krish-globalps/Chart.yaml | 2 +-
 .../pols/disallow-proc-mount.yaml | 41 -------------------
 2 files changed, 1 insertion(+), 42 deletions(-)
 delete mode 100644 charts/test-krish-globalps/pols/disallow-proc-mount.yaml
diff --git a/charts/test-krish-globalps/Chart.yaml b/charts/test-krish-globalps/Chart.yaml
index 77788a0a..222a3bb0 100644
--- a/charts/test-krish-globalps/Chart.yaml
+++ b/charts/test-krish-globalps/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: test-krish
 description: Pod Security Standards (baseline) policy set
 type: application
-version: 0.5.1
+version: 0.5.2
 appVersion: 0.1.0
 keywords:
 - kubernetes
diff --git a/charts/test-krish-globalps/pols/disallow-proc-mount.yaml b/charts/test-krish-globalps/pols/disallow-proc-mount.yaml
deleted file mode 100644
index 63359cf7..00000000
--- a/charts/test-krish-globalps/pols/disallow-proc-mount.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
- name: disallow-proc-mount
- annotations:
- policies.kyverno.io/title: Disallow procMount
- policies.kyverno.io/category: Pod Security Standards (Baseline)
- policies.kyverno.io/severity: medium
- policies.kyverno.io/subject: Pod
- kyverno.io/kubernetes-version: "1.22-1.23"
- policies.nirmata.io/remediation-docs: "https://docs.nirmata.io/policysets/podsecurity/baseline/disallow-proc-mount/"
- policies.nirmata.io/remediation: "https://github.com/nirmata/kyverno-policies/tree/main/pod-security/baseline/disallow-proc-mount/remediate-disallow-proc-mount-containers.yaml"
- policies.kyverno.io/description: >-
- The default /proc masks are set up to reduce attack surface and should be required. This policy
- ensures nothing but the default procMount can be specified. Note that in order for users
- to deviate from the `Default` procMount requires setting a feature gate at the API
- server.
-spec:
- validationFailureAction: Audit
- background: true
- rules:
- - name: check-proc-mount
- match:
- any:
- - resources:
- kinds:
- - Pod
- validate:
- message: >-
- Changing the proc mount from the default is not allowed.
- pattern:
- spec:
- =(ephemeralContainers):
- - =(securityContext):
- =(procMount): "Default"
- =(initContainers):
- - =(securityContext):
- =(procMount): "Default"
- containers:
- - =(securityContext):
- =(procMount): "Default"