mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
kyverno/samples/DisallowHelmTiller.md

30 lines
825 B
Markdown
Raw Normal View History

add disallow Helm tiller
2019-11-03 18:19:06 -08:00
# Disallow Helm Tiller
correct misspelled words
2020-11-17 12:01:01 -08:00
Tiller, in the [now-deprecated Helm v2](https://helm.sh/blog/helm-v2-deprecation-timeline/), has known security challenges. It requires administrative privileges and acts as a shared resource accessible to any authenticated user. Tiller can lead to privilge escalation as restricted users can impact other users.
add disallow Helm tiller
2019-11-03 18:19:06 -08:00
manifest fixes; typos; linting (#1240)
2020-11-11 15:55:02 -05:00
## Policy YAML
add disallow Helm tiller
2019-11-03 18:19:06 -08:00
manifest fixes; typos; linting (#1240)
2020-11-11 15:55:02 -05:00
[disallow_helm_tiller.yaml](best_practices/disallow_helm_tiller.yaml)
update categories and links
2019-11-11 18:21:16 -08:00
add disallow Helm tiller
2019-11-03 18:19:06 -08:00
````yaml
update api in samples/
2019-11-13 13:56:20 -08:00
apiVersion : kyverno.io/v1
add disallow Helm tiller
2019-11-03 18:19:06 -08:00
kind: ClusterPolicy
metadata:
name: disallow-helm-tiller
spec:
add validateFailureAction to all policies (#1068)
2020-08-19 14:04:58 -07:00
validationFailureAction: audit
add disallow Helm tiller
2019-11-03 18:19:06 -08:00
rules:
- name: validate-helm-tiller
match:
resources:
kinds:
- Pod
validate:
message: "Helm Tiller is not allowed"
pattern:
spec:
containers:
- name: "*"
image: "!*tiller*"
manifest fixes; typos; linting (#1240)
2020-11-11 15:55:02 -05:00
````
Copy permalink