mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-09 09:26:54 +00:00
| .. | ||
| resources | ||
| README.md | ||
| validate_container_security_context.yaml | ||
| validate_default_namespace.yaml | ||
| validate_host_network_port.yaml | ||
| validate_host_path.yaml | ||
| validate_image_registries.yaml | ||
| validate_image_tag.yaml | ||
| validate_pod_probes.yaml | ||
| validate_pod_resources.yaml | ||
Best Practice Policies
This folder contains recommended policies
| Best practice | Policy | |
|---|---|---|
| Run as non-root user | ||
| Disallow privileged and privilege escalation | ||
| Disallow use of host networking and ports | ||
| Disallow use of host filesystem | ||
| Disallow hostPOD and hostIPC | ||
| Require read only root filesystem | ||
| Disallow node ports | ||
| Allow trusted registries | ||
| Require resource requests and limits | container_resources.yaml | |
| Require pod liveness and readiness probes | ||
| Require an image tag | ||
| Disallow latest tag and pull IfNotPresent | ||
| Require a namespace (disallow default) | ||
| Disallow use of kube-system namespace | ||
| Prevent mounting of service account secret | ||
| Require a default network policy | ||
| Require namespace quotas and limit ranges |