mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

- update samples/policy - retag 1.1.0

Browse source
This commit is contained in:
Shuting Zhao 2020-01-10 19:26:09 -08:00
parent 54275bdc01
commit 8de265d8a4
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
samples/best_practices/disallow_bind_mounts.yaml
View file

@ -10,7 +10,6 @@ metadata:
to a specific host and data persisted in the `hostPath` volume is coupled to the life of the
node leading to potential pod scheduling failures. It is highly recommended that applications
are designed to be decoupled from the underlying infrastructure (in this case, nodes).
spec:
rules:
- name: validate-hostPath

3
samples/best_practices/disallow_helm_tiller.yaml
View file

@ -4,7 +4,8 @@ metadata:
name: disallow-helm-tiller
annotations:
policies.kyverno.io/category: Security
policies.kyverno.io/description: Tiller has known security challenges. It requires adminstrative privileges and acts as a shared resource accessible to any authenticated user. Tiller can lead to privilge escalation as restricted users can impact other users.
policies.kyverno.io/description: Tiller has known security challenges. It requires adminstrative privileges and acts as a shared
resource accessible to any authenticated user. Tiller can lead to privilge escalation as restricted users can impact other users.
spec:
rules:
- name: validate-helm-tiller