mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00

update README.md

Jim Bugwadia 2019-10-31 18:43:06 -07:00
parent eebfab87e5
commit d58113233c

@ -27,27 +27,28 @@ These policies are highly recommended.
1. [Run as non-root user](RunAsNonRootUser.md)
2. [Disable privileged containers and disallow privilege escalation](DisablePrivilegedContainers.md)
3. [Require Read-only root filesystem](RequireReadOnlyFS.md)
4. [Disallow use of host filesystem](DisallowHostFS.md)
5. [Disallow `hostNetwork` and `hostPort`](DisallowHostNetworkPort.md)
6. [Disallow `hostPID` and `hostIPC`](DisallowHostPIDIPC.md)
7. [Disallow unknown image registries](DisallowUnknownRegistries.md)
3. [Disallow new capabilities](DisallowNewCapabilities.md)
4. [Require Read-only root filesystem](RequireReadOnlyFS.md)
5. [Disallow use of host filesystem](DisallowHostFS.md)
6. [Disallow `hostNetwork` and `hostPort`](DisallowHostNetworkPort.md)
7. [Disallow `hostPID` and `hostIPC`](DisallowHostPIDIPC.md)
8. [Disallow unknown image registries](DisallowUnknownRegistries.md)
8. [Disallow latest image tag](DisallowLatestTag.md)
9. [Disallow use of default namespace](DisallowDefaultNamespace.md)
10. [Require namespace limits and quotas](RequireNSLimitsQuotas.md)
11. [Require pod resource requests and limits](RequirePodRequestsLimits.md)
12. [Require pod `livenessProbe` and `readinessProbe`](RequirePodProbes.md)
13. [Default deny all ingress traffic](DefaultDenyAllIngress.md)
10. [Disallow use of default namespace](DisallowDefaultNamespace.md)
11. [Require namespace limits and quotas](RequireNSLimitsQuotas.md)
12. [Require pod resource requests and limits](RequirePodRequestsLimits.md)
13. [Require pod `livenessProbe` and `readinessProbe`](RequirePodProbes.md)
14. [Default deny all ingress traffic](DefaultDenyAllIngress.md)
## Additional Policies
The policies provide additional best practices and are worthy of close consideration. These policies may require workload specific changes.
14. [Limit use of `NodePort` services](LimitNodePort.md)
15. [Limit automount of Service Account credentials](DisallowAutomountSACredentials.md)
16. [Configure Linux Capabilities](AssignLinuxCapabilities.md)
17. [Limit Kernel parameter access](ConfigureKernelParmeters.md)
15. [Limit use of `NodePort` services](LimitNodePort.md)
16. [Limit automount of Service Account credentials](DisallowAutomountSACredentials.md)
17. [Configure Linux Capabilities](AssignLinuxCapabilities.md)
18. [Limit Kernel parameter access](ConfigureKernelParmeters.md)
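
Review bot: The unchanged line `8. [Disallow latest image tag](DisallowLatestTag.md)` was not renumbered when `Disallow new capabilities` was inserted as item 3, so the recommended list now reads 8, 8, 10 in the source with no item 9. Change that line to `9.` so the numbering runs sequentially from 1 through 18 across both lists. The new entry links to `DisallowNewCapabilities.md`, which is not part of the lines shown here, so confirm that file exists at that path. The renumbered item 18 also still points at `ConfigureKernelParmeters.md`; if the misspelled file name is ever corrected, this link has to change with it.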