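# Gatekeeper Assign mutator: sets securityContext.allowPrivilegeEscalation to
# false on every regular container of a Pod when the field is absent.
# Nesting restored from the flattened listing; no key or value was changed.
# NOTE(review): v1alpha1 is the earliest mutation API version; confirm the
# cluster's Gatekeeper CRDs still serve it before applying.
apiVersion: mutations.gatekeeper.sh/v1alpha1
kind: Assign
metadata:
  name: k8spspdefaultallowprivilegeescalation
spec:
  # Registered for core/v1 Pods only.
  # NOTE(review): there is no spec.match block, so nothing here scopes the
  # mutator by namespace or label. A privileged container that omits the field
  # would be defaulted to false, and the API server rejects privileged: true
  # combined with allowPrivilegeEscalation: false. Consider excluding
  # namespaces that run privileged system pods.
  applyTo:
    - groups: [""]
      kinds: ["Pod"]
      versions: ["v1"]
  # [name:*] selects every element of spec.containers.
  location: "spec.containers[name:*].securityContext.allowPrivilegeEscalation"
  parameters:
    # Mutate only when the field is not already set. An explicit
    # allowPrivilegeEscalation: true is left untouched, so this is a default,
    # not an enforcement control; rejecting true needs a validating policy.
    pathTests:
      - subPath: "spec.containers[name:*].securityContext.allowPrivilegeEscalation"
        condition: MustNotExist
    assign:
      # Must stay a YAML boolean; a quoted "false" would assign a string.
      value: false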
---
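# Gatekeeper Assign mutator: sets securityContext.allowPrivilegeEscalation to
# false on every init container of a Pod when the field is absent.
# Nesting restored from the flattened listing; no key or value was changed.
# NOTE(review): this targets spec.initContainers only. Nothing in this
# document targets spec.ephemeralContainers; decide whether debug containers
# need the same default.
apiVersion: mutations.gatekeeper.sh/v1alpha1
kind: Assign
metadata:
  name: k8spspdefaultallowprivilegeescalation-init
spec:
  # Registered for core/v1 Pods only.
  # NOTE(review): there is no spec.match block, so nothing here scopes the
  # mutator by namespace or label. Privileged init containers that omit the
  # field would be defaulted to false and then fail API validation.
  applyTo:
    - groups: [""]
      kinds: ["Pod"]
      versions: ["v1"]
  # [name:*] selects every element of spec.initContainers.
  location: "spec.initContainers[name:*].securityContext.allowPrivilegeEscalation"
  parameters:
    # Mutate only when the field is not already set. An explicit true is kept
    # as written, so this supplies a default rather than enforcing one.
    pathTests:
      - subPath: "spec.initContainers[name:*].securityContext.allowPrivilegeEscalation"
        condition: MustNotExist
    assign:
      # Must stay a YAML boolean; a quoted "false" would assign a string.
      value: false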