sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 07:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
56ddb422ca205102b1cf572886c87a51ec48db32
opendesk/docs/security/wld-iso/kyverno-test.yaml
Sebastian Kawelke 56ddb422ca Adds sec context and workload isolation kyverno checks 
Signed-off-by: Sebastian Kawelke <sebastian.kawelke@l3montree.com>
2025-12-01 13:33:13 +01:00

34 lines
793 B
YAML
Raw Blame History

apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: wld-iso
policies:
- wld-iso-001_host-namespaces.yaml
- wld-iso-002_hostpath-volumes.yaml
- wld-iso-003_host-ports.yaml
- wld-iso-004_host-probes.yaml
- wld-iso-005_volume-types.yaml
resources:
- ../../../rendered.yaml
exceptions: []
results:
# wld-iso-001
- policy: disallow-host-namespaces
rule: host-namespaces
result: pass
# wld-iso-002
- policy: disallow-host-path
rule: host-path
result: pass
# wld-iso-003
- policy: disallow-host-ports
rule: host-ports-none
result: pass
# wld-iso-004
- policy: disallow-host-probes-lifecycle
rule: host-probes-lifecycle
result: pass
# wld-iso-005
- policy: restrict-volume-types
rule: restricted-volumes
result: pass
Reference in New Issue View Git Blame Copy Permalink