Skip to content
/ host-namespaces-psp-policy Public

Replacement for the Kubernetes Pod Security Policy that controls the usage of host namespaces

kubewarden.io

License

Apache-2.0 license
1 star 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kubewarden/host-namespaces-psp-policy

BranchesTags

Repository files navigation

Kubewarden Policy Repository Stable

Kubewarden policy psp-host-namespaces

Description

Replacement for the Kubernetes Pod Security Policy that controls the usage of host namespaces

Settings

This policy works by defining what host namespaces can be used by a Pod.

The following setting keys are accepted for this policy:

  • allow_host_ipc: allows the pod to set .spec.HostIPC to true.

  • allow_host_network: allows the pod to set .spec.HostNetwork to true.

  • allow_host_pid: allows the pod to set .spec.HostPID to true.

  • allow_host_ports: is a range of ports of the form:

    allow_host_ports:
  - min: 80
    max: 80
  - min: 443
    max: 443
  - min: 8000
    max: 9000

    This example would allow host ports 80, 443 and the range 8000-9000.

allow_host_ipc, allow_host_network and allow_host_pid are false by default. allow_host_ports is an empty list by default. This means that by default host IPC, network, pid and all host ports are disabled when this policy is loaded with no configuration.

The policy validates Pods at creation time.

About

Replacement for the Kubernetes Pod Security Policy that controls the usage of host namespaces

kubewarden.io

Topics

kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

6 watching

Forks

4 forks
Report repository

Releases 16

Release v0.1.6 Latest
Jul 7, 2023
+ 15 releases

Packages

 
 
 

Contributors 9

Languages