You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As of 1.25, in a Pod the spec.os is now enforced and obeyed whereas previously it was null. See blog here. Need to update PSS policies so for the three mentioned controls in the Restricted profile it only takes effect if the spec.os is ≠ windows.
The text was updated successfully, but these errors were encountered:
Kyverno 1.8.0 is the first version that will be able to get the API server's version (by requesting /version). Prior to kubelet 1.24, spec.os could be set yet wasn't enforced. This means to update the PSS policies appropriately with the relaxed controls for running on Windows requires minimum version of Kyverno 1.8.0 or else it could mean policy circumvention.
As of 1.25, in a Pod the
spec.os
is now enforced and obeyed whereas previously it was null. See blog here. Need to update PSS policies so for the three mentioned controls in the Restricted profile it only takes effect if thespec.os
is ≠windows
.The text was updated successfully, but these errors were encountered: