All Policies

Restricted Pod Security Standards

The restricted profile of the Pod Security Standards, which is inclusive of the baseline profile, is a collection of all the most common configurations that can be taken to secure Pods. Beginning with Kyverno 1.8, an entire profile may be assigned to the cluster through a single rule. This policy configures the restricted profile through the latest version of the Pod Security Standards cluster wide.

Policy Definition

/pod-security/subrule/restricted/restricted-latest/restricted-latest.yaml

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: podsecurity-subrule-restricted
 5  annotations:
 6    policies.kyverno.io/title: Restricted Pod Security Standards
 7    policies.kyverno.io/category: Pod Security, EKS Best Practices
 8    policies.kyverno.io/severity: medium
 9    kyverno.io/kyverno-version: 1.8.0
10    policies.kyverno.io/minversion: 1.8.0
11    kyverno.io/kubernetes-version: "1.24"
12    policies.kyverno.io/subject: Pod
13    policies.kyverno.io/description: >-
14      The restricted profile of the Pod Security Standards, which is inclusive of
15      the baseline profile, is a collection of all the most common configurations
16      that can be taken to secure Pods. Beginning with Kyverno 1.8, an entire profile
17      may be assigned to the cluster through a single rule. This policy configures the
18      restricted profile through the latest version of the Pod Security Standards cluster wide.      
19spec:
20  background: true
21  validationFailureAction: audit
22  rules:
23  - name: restricted
24    match:
25      any:
26      - resources:
27          kinds:
28          - Pod
29    validate:
30      podSecurity:
31        level: restricted
32        version: latest