mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 09:26:54 +00:00
Code Activity
kyverno/examples/best_practices
History
Shuting Zhao ae8264deae Merge branch 'best_practice_policies' of https://github.com/nirmata/kyverno into best_practice_policies 
# Conflicts:
#	examples/best_practices/policy_validate_container_disallow_priviledgedprivelegesecalation.yaml
#	examples/best_practices/policy_validate_container_security_context.yaml
#	examples/best_practices/validate_container_security_context.yaml
2019-09-09 10:36:56 -07:00
..
resources Merge branch 'best_practice_policies' of https://github.com/nirmata/kyverno into best_practice_policies 2019-09-09 10:36:56 -07:00
policy_mutate_pod_disable_automountingapicred.yaml add policies 2019-09-06 10:03:24 -07:00
policy_validate_container_disallow_priviledgedprivelegesecalation.yaml Merge branch 'best_practice_policies' of https://github.com/nirmata/kyverno into best_practice_policies 2019-09-09 10:36:56 -07:00
policy_validate_default_namespace.yaml upate readme links and remove duplicate policies 2019-09-08 10:41:07 -07:00
policy_validate_deny_runasrootuser.yaml upate readme links and remove duplicate policies 2019-09-08 10:41:07 -07:00
policy_validate_host_network_port.yaml upate readme links and remove duplicate policies 2019-09-08 10:41:07 -07:00
policy_validate_host_path.yaml upate readme links and remove duplicate policies 2019-09-08 10:41:07 -07:00
policy_validate_image_latest_ifnotpresent_deny.yaml add policies 2019-09-06 10:03:24 -07:00
policy_validate_image_pullpolicy_notalways_deny.yaml add policies 2019-09-06 10:03:24 -07:00
policy_validate_image_registries.yaml upate readme links and remove duplicate policies 2019-09-08 10:41:07 -07:00
policy_validate_image_tag.yaml add policies 2019-09-06 10:03:24 -07:00
policy_validate_image_tag_latest_deny.yaml add policies 2019-09-06 10:03:24 -07:00
policy_validate_image_tag_notspecified_deny.yaml add policies 2019-09-06 10:03:24 -07:00
policy_validate_pod_probes.yaml add policies 2019-09-06 10:03:24 -07:00
README.md upate readme links and remove duplicate policies 2019-09-08 10:41:07 -07:00

README.md

Best Practice Policies

Best practice Policy
Run as non-root user policy_validate_deny_runasrootuser.yaml
Disallow privileged and privilege escalation policy_validate_container_disallow_priviledgedprivelegesecalation.yaml
Disallow use of host networking and ports policy_validate_host_network_port.yaml
Disallow use of host filesystem policy_validate_host_path.yaml
Disallow hostPOD and hostIPC
Require read only root filesystem
Disallow node ports
Allow trusted registries policy_validate_image_registries.yaml
Require resource requests and limits policy_validate_pod_resources.yaml
Require pod liveness and readiness probes policy_validate_pod_probes.yaml
Require an image tag policy_validate_image_tag_notspecified_deny.yaml
Disallow latest tag and pull IfNotPresent policy_validate_image_latest_ifnotpresent_deny.yaml
Require a namespace (disallow default)
Disallow use of kube-system namespace
Prevent mounting of service account secret
Require a default network policy
Require namespace quotas and limit ranges