17 lines
675 B
YAML
17 lines
675 B
YAML
# kyverno/kyverno-policies — Pod Security Standards as Kyverno ClusterPolicies
|
|
#
|
|
# helm upgrade --install kyverno-policies kyverno/kyverno-policies -n kyverno \
|
|
# --version 3.7.1 -f clusters/noble/apps/kyverno/policies-values.yaml --wait --timeout 10m
|
|
#
|
|
# Default profile is baseline; validationFailureAction is Audit so existing privileged
|
|
# workloads (monitoring, longhorn, etc.) are reported, not blocked. Tighten per policy or
|
|
# namespace when ready (see README).
|
|
#
|
|
policyKind: ClusterPolicy
|
|
policyType: ClusterPolicy
|
|
podSecurityStandard: baseline
|
|
podSecuritySeverity: medium
|
|
validationFailureAction: Audit
|
|
failurePolicy: Fail
|
|
validationAllowExistingViolations: true
|