kyverno/samples/DisallowHelmTiller.md

# Disallow Helm Tiller

Tiller has known security challenges. It requires adminstrative privileges and acts as a shared resource accessible to any authenticated user. Tiller can lead to privilge escalation as restricted users can impact other users.

## Policy YAML 

[disallow_helm_tiller.yaml](best_practices/disallow_helm_tiller.yaml) 

````yaml
apiVersion : kyverno.io/v1alpha1
kind: ClusterPolicy
metadata:
  name: disallow-helm-tiller
spec:
  rules:
  - name: validate-helm-tiller
    match:
      resources:
        kinds:
        - Pod
    validate:
      message: "Helm Tiller is not allowed"  
      pattern:
        spec:
          containers:
          - name: "*"
            image: "!*tiller*"

````
add disallow Helm tiller 2019-11-03 18:19:06 -08:00			`# Disallow Helm Tiller`

			`Tiller has known security challenges. It requires adminstrative privileges and acts as a shared resource accessible to any authenticated user. Tiller can lead to privilge escalation as restricted users can impact other users.`

			`## Policy YAML`

update categories and links 2019-11-11 18:21:16 -08:00			`[disallow_helm_tiller.yaml](best_practices/disallow_helm_tiller.yaml)`

add disallow Helm tiller 2019-11-03 18:19:06 -08:00			````yaml
			`apiVersion : kyverno.io/v1alpha1`
			`kind: ClusterPolicy`
			`metadata:`
			`name: disallow-helm-tiller`
			`spec:`
			`rules:`
			`- name: validate-helm-tiller`
			`match:`
			`resources:`
			`kinds:`
			`- Pod`
			`validate:`
			`message: "Helm Tiller is not allowed"`
			`pattern:`
			`spec:`
			`containers:`
			`- name: "*"`
			`image: "!tiller"`

			````