mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-29 02:45:06 +00:00
Code Activity

allow fsGroup values greater than zero (#1822)

Browse source 
change the policy require-non-root-groups to allow fsGroup values greater than zero

Signed-off-by: Metzger, Simon <smnmtzgr@gmail.com>
This commit is contained in:
Simon Metzger 2021-04-21 21:12:26 +02:00 committed by GitHub
parent b5fd23588a
commit 6e76fd68f0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
charts/kyverno/templates/policies/restricted/require-non-root-groups.yaml
View file

@ -56,10 +56,10 @@ spec:
- Pod
validate:
message: >-
Changing of file system groups is not allowed. The field
spec.securityContext.fsGroup must not be defined.
Changing to root group ID is disallowed. The field
spec.securityContext.fsGroup must be empty or greater than zero.
pattern:
spec:
=(securityContext):
X(fsGroup): "*"
=(fsGroup): ">0"
{{- end -}}