Restricted Pod Security Standards
The restricted profile of the Pod Security Standards, which includes the baseline profile, collects the most common configurations used to secure Pods. Beginning with Kyverno 1.8, an entire profile may be assigned to the cluster through a single rule. This policy applies the restricted profile cluster-wide, using the latest version of the Pod Security Standards.
Policy Definition
/pod-security/subrule/restricted/restricted-latest/restricted-latest.yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: podsecurity-subrule-restricted
  annotations:
    policies.kyverno.io/title: Restricted Pod Security Standards
    policies.kyverno.io/category: Pod Security, EKS Best Practices
    policies.kyverno.io/severity: medium
    kyverno.io/kyverno-version: 1.8.0
    policies.kyverno.io/minversion: 1.8.0
    kyverno.io/kubernetes-version: "1.24"
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/description: >-
      The restricted profile of the Pod Security Standards, which is inclusive of
      the baseline profile, is a collection of all the most common configurations
      that can be taken to secure Pods. Beginning with Kyverno 1.8, an entire profile
      may be assigned to the cluster through a single rule. This policy configures the
      restricted profile through the latest version of the Pod Security Standards cluster wide.
spec:
  background: true
  validationFailureAction: audit
  rules:
  - name: restricted
    match:
      any:
      - resources:
          kinds:
          - Pod
    validate:
      podSecurity:
        level: restricted
        version: latest
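Two constructed Pod manifests showing what this rule evaluates, added here as an illustration and not part of the Kyverno policy library: the first violates the restricted profile, the second satisfies it. Pod names and the image reference are placeholders. Because the policy sets `validationFailureAction: audit`, the first Pod is still admitted and its violations are reported rather than blocked.

```yaml
# Constructed example manifests; names and image are placeholders.
# Pod 1: violates the restricted profile in several ways.
apiVersion: v1
kind: Pod
metadata:
  name: demo-noncompliant
spec:
  hostNetwork: true                 # baseline: host namespaces are not allowed
  containers:
    - name: app
      image: registry.example.com/app:1.0
      securityContext:
        privileged: true            # baseline: privileged containers are not allowed
        # restricted: allowPrivilegeEscalation: false and runAsNonRoot: true are missing
        # restricted: seccompProfile is unset and capabilities.drop lacks ALL
      volumeMounts:
        - name: host-logs
          mountPath: /host/log
  volumes:
    - name: host-logs
      hostPath:                     # baseline: hostPath volumes are not allowed
        path: /var/log
---
# Pod 2: satisfies the restricted profile.
apiVersion: v1
kind: Pod
metadata:
  name: demo-compliant
spec:
  securityContext:
    runAsNonRoot: true              # must be true at pod or container level
    runAsUser: 10001                # any non-zero UID
    seccompProfile:
      type: RuntimeDefault          # RuntimeDefault or Localhost
  containers:
    - name: app
      image: registry.example.com/app:1.0
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]             # only NET_BIND_SERVICE may be added back
      volumeMounts:
        - name: scratch
          mountPath: /tmp
  volumes:
    - name: scratch
      emptyDir: {}                  # one of the volume types the profile permits
```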