mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

replacing pod security standard from default to baseline

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
RinkiyaKeDad 2021-06-08 13:02:02 +05:30
parent 8eb1d4c7fb
commit d1be681773
3 changed files with 6 additions and 6 deletions

@ -103,7 +103,7 @@ The following table lists the configurable parameters of the kyverno chart and t
| `service.type` | type of service | `ClusterIP` |
| `tolerations` | list of node taints to tolerate | `[]` |
| `securityContext` | security context configuration | `{}` |
| `podSecurityStandard` | set desired pod security level `privileged`, `default`, `restricted`, `custom`. Set to `restricted` for maximum security for your cluster. See: https://kyverno.io/policies/pod-security/ | `default` |
| `podSecurityStandard` | set desired pod security level `privileged`, `baseline`, `restricted`, `custom`. Set to `restricted` for maximum security for your cluster. See: https://kyverno.io/policies/pod-security/ | `baseline` |
| `podSecuritySeverity` | set desired pod security severity `low`, `medium`, `high`. Used severity level in PolicyReportResults for the selected pod security policies. | `medium` |
| `podSecurityPolicies` | Policies to include when `podSecurityStandard` is set to `custom` | `[]` |
| `validationFailureAction` | set to get response in failed validation check. Supported values- `audit`, `enforce`. See: https://kyverno.io/docs/writing-policies/validate/ | `audit` |
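Review bot: the `podSecurityStandard` row drops `default` from the accepted values without saying that it was renamed, so a reader with `podSecurityStandard: default` in an existing values file has no hint that the setting needs to change. Add a short remark to that row (or an upgrade note next to the table) stating that `baseline` replaces the former `default` value.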

@ -77,9 +77,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- end -}}
{{/* Set if a default policy is managed */}}
{{- define "kyverno.podSecurityDefault" -}}
{{- if or (eq .Values.podSecurityStandard "default") (eq .Values.podSecurityStandard "restricted") }}
{{/* Set if a baseline policy is managed */}}
{{- define "kyverno.podSecurityBaseline" -}}
{{- if or (eq .Values.podSecurityStandard "baseline") (eq .Values.podSecurityStandard "restricted") }}
{{- true }}
{{- else if and (eq .Values.podSecurityStandard "custom") (has .name .Values.podSecurityPolicies) }}
{{- true }}
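Review bot: in the `kyverno.podSecurityBaseline` define, a release that still sets `podSecurityStandard: default` no longer matches the first `if` and is not `custom`, so it falls through both visible branches and the policies this helper gates would stop being rendered with no error at upgrade time. Consider keeping `(eq .Values.podSecurityStandard "default")` in the `or` as a deprecated alias, or rejecting the old value explicitly with `fail` and a message that points to `baseline`. The define itself is also renamed from `kyverno.podSecurityDefault`, and the commit lists only three changed files, so please confirm no template still calls `include "kyverno.podSecurityDefault"`.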

@ -1,9 +1,9 @@
nameOverride:
fullnameOverride:
namespace:
# Supported- default/restricted/privileged/custom
# Supported- baseline/restricted/privileged/custom
# For more info- https://kyverno.io/policies/pod-security
podSecurityStandard: default
podSecurityStandard: baseline
# Supported- low/medium/high
podSecuritySeverity: medium
# Policies to include when podSecurityStandard is custom
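Review bot: the `# Supported-` comment above `podSecurityStandard` lists the levels as baseline/restricted/privileged/custom, while the README row in this same commit lists them as `privileged`, `baseline`, `restricted`, `custom`. Since the line is being touched anyway, use the README order (least to most restrictive) so the two places agree.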