Kubewarden policy psp-host-namespaces

Description

Replacement for the Kubernetes Pod Security Policy that controls the usage of host namespaces

Settings

This policy works by defining what host namespaces can be used by a Pod.

The following setting keys are accepted for this policy:

allow_host_ipc: allows the pod to set .spec.HostIPC to true.
allow_host_network: allows the pod to set .spec.HostNetwork to true.
allow_host_pid: allows the pod to set .spec.HostPID to true.

allow_host_ports: is a range of ports of the form:

allow_host_ports:
  - min: 80
    max: 80
  - min: 443
    max: 443
  - min: 8000
    max: 9000

This example would allow host ports 80, 443 and the range 8000-9000.

allow_host_ipc, allow_host_network and allow_host_pid are false by default. allow_host_ports is an empty list by default. This means that by default host IPC, network, pid and all host ports are disabled when this policy is loaded with no configuration.

The policy validates Pods at creation time.

Name		Name	Last commit message	Last commit date
Latest commit History 122 Commits
.github/workflows		.github/workflows
src		src
test_data		test_data
.gitignore		.gitignore
CODEOWNERS		CODEOWNERS
CONTRIBUTING.md		CONTRIBUTING.md
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
artifacthub-pkg.yml		artifacthub-pkg.yml
artifacthub-repo.yml		artifacthub-repo.yml
hub.yml		hub.yml
metadata.yml		metadata.yml
questions-ui.yml		questions-ui.yml
renovate.json		renovate.json

License

kubewarden/host-namespaces-psp-policy

Folders and files

Latest commit

History

Repository files navigation

Kubewarden policy psp-host-namespaces

Description

Settings

About

Topics

Resources

License

Stars

Watchers

Forks

Languages