mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-10 01:46:55 +00:00
23 lines
2.3 KiB
Markdown
23 lines
2.3 KiB
Markdown
# Best Practice Policies
|
|
|
|
This folder contains recommended policies
|
|
|
|
| Best practice | Policy
|
|
|------------------------------------------------|-----------------------------------------------------------------------|
|
|
| Run as non-root user | |
|
|
| Disallow privileged and privilege escalation | |
|
|
| Disallow use of host networking and ports | |
|
|
| Disallow use of host filesystem | |
|
|
| Disallow hostPOD and hostIPC | |
|
|
| Require read only root filesystem | |
|
|
| Disallow node ports | |
|
|
| Allow trusted registries | |
|
|
| Require resource requests and limits | [container_resources.yaml](container_resources.yaml) |
|
|
| Require pod liveness and readiness probes | |
|
|
| Require an image tag | |
|
|
| Disallow latest tag and pull IfNotPresent | |
|
|
| Require a namespace (disallow default) | |
|
|
| Disallow use of kube-system namespace | |
|
|
| Prevent mounting of service account secret | |
|
|
| Require a default network policy | |
|
|
| Require namespace quotas and limit ranges | |
|