mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 09:26:54 +00:00
kyverno/examples/best_practices
2019-09-09 14:55:12 -07:00
resources add validate_namespace test runner 2019-09-09 14:33:55 -07:00
policy_mutate_pod_disable_automountingapicred.yaml add policies 2019-09-06 10:03:24 -07:00
policy_validate_container_disallow_priviledgedprivelegesecalation.yaml add disallow_priviledgedprivelegesecalation test runner 2019-09-09 10:56:19 -07:00
policy_validate_default_namespace.yaml add validate_namespace test runner 2019-09-09 14:33:55 -07:00
policy_validate_deny_runasrootuser.yaml update readme links and remove duplicate policies 2019-09-08 10:41:07 -07:00
policy_validate_host_network_port.yaml update readme links and remove duplicate policies 2019-09-08 10:41:07 -07:00
policy_validate_host_path.yaml update readme links and remove duplicate policies 2019-09-08 10:41:07 -07:00
policy_validate_image_latest_ifnotpresent_deny.yaml add policies 2019-09-06 10:03:24 -07:00
policy_validate_image_pullpolicy_notalways_deny.yaml add policies 2019-09-06 10:03:24 -07:00
policy_validate_image_registries.yaml update readme links and remove duplicate policies 2019-09-08 10:41:07 -07:00
policy_validate_image_tag.yaml add policies 2019-09-06 10:03:24 -07:00
policy_validate_image_tag_latest_deny.yaml add policies 2019-09-06 10:03:24 -07:00
policy_validate_image_tag_notspecified_deny.yaml add policies 2019-09-06 10:03:24 -07:00
policy_validate_pod_probes.yaml add policies 2019-09-06 10:03:24 -07:00
README.md update readme link 2019-09-09 14:55:12 -07:00

Best Practice Policies

| Best practice | Policy |
|---|---|
| Run as non-root user | policy_validate_deny_runasrootuser.yaml |
| Disallow privileged and privilege escalation | policy_validate_container_disallow_priviledgedprivelegesecalation.yaml |
| Disallow use of host networking and ports | policy_validate_host_network_port.yaml |
| Disallow use of host filesystem | policy_validate_host_path.yaml |
| Disallow hostPID and hostIPC | |
| Require read only root filesystem | |
| Disallow node ports | |
| Allow trusted registries | policy_validate_image_registries.yaml |
| Require resource requests and limits | policy_validate_pod_resources.yaml |
| Require pod liveness and readiness probes | policy_validate_pod_probes.yaml |
| Require an image tag | policy_validate_image_tag_notspecified_deny.yaml |
| Disallow latest tag and pull IfNotPresent | policy_validate_image_latest_ifnotpresent_deny.yaml |
| Require a namespace (disallow default) | policy_validate_default_namespace.yaml |
| Disallow use of kube-system namespace | |
| Prevent mounting of service account secret | |
| Require a default network policy | |
| Require namespace quotas and limit ranges | |