Skip to content

Instantly share code, notes, and snippets.

@f9n

f9n/privileged-container.yml

Last active March 29, 2021 11:23
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save f9n/a8abc6c7077f63a85ecadd1f342b3dba to your computer and use it in GitHub Desktop.
Save f9n/a8abc6c7077f63a85ecadd1f342b3dba to your computer and use it in GitHub Desktop.
Download ZIP
Opa/Gatekeeper-Library Constraints - Examples
Raw
privileged-container.yml
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPSPPrivilegedContainer
metadata:
name: psp-privileged-container
spec:
match:
kinds:
- apiGroups: [""]
kinds: ["Pod"]
Raw
psp-allow-privilege-escalation-container.yml
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPSPAllowPrivilegeEscalationContainer
metadata:
name: psp-allow-privilege-escalation-container
spec:
match:
kinds:
- apiGroups: [""]
kinds: ["Pod"]
Raw
psp-host-namespace.yml
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPSPHostNamespace
metadata:
name: psp-host-namespace
spec:
match:
kinds:
- apiGroups: [""]
kinds: ["Pod"]
Raw
psp-host-network-ports.yml
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPSPHostNetworkingPorts
metadata:
name: psp-host-network-ports
spec:
match:
kinds:
- apiGroups: [""]
kinds: ["Pod"]
parameters:
hostNetwork: false
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment