Giters

kubewarden / allowed-fsgroups-psp-policy

Replacement for the Kubernetes Pod Security Policy that controls the usage of fsGroup in the pod security context

Home Page:https://kubewarden.io

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

hacktoberfestkuberneteskubernetes-securitykubewarden-policypod-security-policypolicy-as-codewebassembly

Kubewarden policy psp-allowed-fsgroups

Replacement for the Kubernetes Pod Security Policy that controls the usage of fsGroup in the pod security context.

Settings

This policy works by defining what fsGroup is allowed in the pod security context.

One of the following setting keys are accepted for this policy:

  • MustRunAs: contains a list of ranges that define valid ranges for the fsGroup value. At least one range must contain the provided .securityContext.fsGroup. If the pod does not contain a .securityContext, or a .securityContext.fsGroup, then this policy acts as mutating and defaults the fsGroup attribute to the first min value of the list of provided ranges.
  • MayRunAs: contains a list of ranges that define valid ranges for the fsGroup value. At least one range must contain the provided .securityContext.fsGroup. If the pod does not contain a .securityContext or a .securityContext.fsGroup, then this policy will accept the request.
  • RunAsAny: always accepts the request.

Configuration examples:

rule: RunAsAny
rule: MayRunAs
ranges:
  - min: 1000
    max: 2000
  - min: 3000
    max: 4000
rule: MustRunAs
ranges:
  - min: 1000 # If no fsGroup is set for the pod, the
              # policy will default it to this value
    max: 2000
  - min: 3000
    max: 4000

About

Replacement for the Kubernetes Pod Security Policy that controls the usage of fsGroup in the pod security context

https://kubewarden.io

hacktoberfestkuberneteskubernetes-securitykubewarden-policypod-security-policypolicy-as-codewebassembly

License:Apache License 2.0

Languages

Language:Rust 95.5%Language:Makefile 4.5%