mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-09 17:37:12 +00:00
2.3 KiB
2.3 KiB
Best Practice Policies
This folder contains recommended policies
| Best practice | Policy |
|---|---|
| Run as non-root user | |
| Disallow privileged and privilege escalation | |
| Disallow use of host networking and ports | |
| Disallow use of host filesystem | |
| Disallow hostPOD and hostIPC | |
| Require read only root filesystem | |
| Disallow node ports | |
| Allow trusted registries | |
| Require resource requests and limits | container_resources.yaml |
| Require pod liveness and readiness probes | |
| Require an image tag | |
| Disallow latest tag and pull IfNotPresent | |
| Require a namespace (disallow default) | |
| Disallow use of kube-system namespace | |
| Prevent mounting of service account secret | |
| Require a default network policy | |
| Require namespace quotas and limit ranges |