mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-08 17:06:57 +00:00
Code Activity
kyverno/samples/best_practices/disallow_root_user.yaml

28 lines
854 B
YAML
Raw Normal View History

update api in samples/
2019-11-13 13:56:20 -08:00
apiVersion: kyverno.io/v1
inital commit, add samples folder
2019-10-08 18:40:15 -07:00
kind: ClusterPolicy
metadata:
update disallow_root_user
2019-11-08 19:25:43 -08:00
name: disallow-root-user
Provide descriptions for policies
2019-10-11 18:57:16 -07:00
annotations:
update disallow_root_user
2019-11-08 19:25:43 -08:00
policies.kyverno.io/category: Security
update description format
2019-10-14 16:33:19 -07:00
policies.kyverno.io/description: By default, processes in a container run as a
root user (uid 0). To prevent potential compromise of container hosts, specify a
least privileged user ID when building the container image and require that
application containers run as non root users.
inital commit, add samples folder
2019-10-08 18:40:15 -07:00
spec:
rules:
update disallow_root_user
2019-11-08 19:25:43 -08:00
- name: validate-runAsNonRoot
inital commit, add samples folder
2019-10-08 18:40:15 -07:00
match:
resources:
kinds:
- Pod
validate:
update disallow_root_user
2019-11-08 19:25:43 -08:00
message: "Running as root user is not allowed. Set runAsNonRoot to true"
inital commit, add samples folder
2019-10-08 18:40:15 -07:00
anyPattern:
- spec:
securityContext:
runAsNonRoot: true
- spec:
containers:
- name: "*"
securityContext:
runAsNonRoot: true
Copy permalink