kyverno/policies

Issues

• policy for blocking ingress if user doesn't specify tls

  #1193 opened 15 days ago by saiben10
  12

• policy for blocking externlaIps

  #1192 opened 15 days ago by saiben10
  12

• [Feature] To add Karpenter Do Not Disrupt policy for Karpenter 1.x version

  #1191 opened 21 days ago by jkannan-talend
  2

• [Bug] Update CEL expression to support CAP_NET_RAW and NET_RAW drop capabilities

  #1186 opened 22 days ago by epasham
  3

• Publish policies as OCI Artifact

  #1185 opened 22 days ago by devantler
  0

• [Bug] Security Capabilites must omit the CAP prefix which is required by Kyverno policies

  #1166 opened a month ago by StraysWonderland
  5

• [Sample] Prevent `kubectl cp` command

  #1169 opened a month ago by JimBugwadia
  1

• [Bug] Unique host and path ingress policy is blocking updates

  #1163 opened 2 months ago by Fauli
  9

• Add Pod Anti-Affinity

  #1171 opened a month ago by gssjl2008
  1

• [Bug]: Kyverno-policies helm chart has hardcoded Kubernetes version annotations

  #1165 opened 2 months ago by sergey198828
  2

• [Sample] disallow-privilege-escalation: Simplify CEL expressions using optional

  #1144 opened 2 months ago by epasham
  1

• [Enhancement]: Update generateExistingOnPolicyUpdate (deprecated) with new format

  #1162 opened 2 months ago by husnialhamdani
  0

• Verify CycloneDX SBOM (Keyless)

  #1132 opened 3 months ago by BBS-Testcenter
  2

• [Question] How to match PATCH requests?

  #1138 opened 3 months ago by Da-Juan
  8

• [Feature] Update the existing policies to use the new fields

  #1130 opened 3 months ago by MariamFahmy98
  1

• [Sample] disallow-host-process: Simplify CEL expressions using optional

  #1137 opened 3 months ago by epasham
  3

• [Enhancement] Update CEL policies to make use of optionals and variables to remove redundant expressions

  #1058 opened 3 months ago by Chandan-DK
  6

• disallow-selinux: simplify CEL expressions

  #1098 opened 3 months ago by JimBugwadia
  0

• restrict-seccomp: simplify CEL expressions

  #1099 opened 3 months ago by JimBugwadia
  6

• restrict-sysctls: simplify CEL expressions

  #1100 opened 3 months ago by JimBugwadia
  3

• disallow-host-namespaces: simplify CEL expressions

  #1091 opened 3 months ago by JimBugwadia
  4

• disallow-host-path: simplify CEL expressions

  #1092 opened 3 months ago by JimBugwadia
  4

• disallow-host-ports-range: simplify CEL expressions

  #1094 opened 3 months ago by JimBugwadia
  3

• disallow-capabilities: simplify CEL expressions

  #1090 opened 3 months ago by JimBugwadia
  2

• disallow-privileged-containers: simplify CEL expressions

  #1096 opened 3 months ago by JimBugwadia
  4

• disallow-proc-mount: simplify CEL expressions

  #1097 opened 3 months ago by JimBugwadia
  3

• [Bug] Generating network policy for existing namespace fails. As well as data template synchronization.

  #1123 opened 3 months ago by antonvigo
  8

• Add Pod Disruption Budget

  #1133 opened 3 months ago by abuechler
  0

• [Bug] Kyverno verifyimage policy does'nt working correctly

  #1128 opened 3 months ago by Bunny15738
  4

• Refresh Environment Variables in Pods

  #1124 opened 3 months ago by Kamalesh-Seervi
  4

• Custom message not working in podSecurity subrule policy

  #1120 opened 3 months ago by F-Fx
  2

• disallow-host-process: simplify CEL expressions

  #1095 opened 3 months ago by JimBugwadia
  0

• All tested images to be stored in Kyverno org

  #1102 opened 3 months ago by chipzoller
  2

• disallow-host-ports: simplify CEL expressions

  #1093 opened 3 months ago by JimBugwadia
  0

• [Sample] Mount volumes for ephemeral containers

  #1088 opened 4 months ago by realshuting
  1

• Block Large Images

  #1083 opened 4 months ago by davvyin
  0

• [Bug] ClusterPolicy with PolicyException does not apply on subsequent updates

  #1078 opened 4 months ago by gg718
  0

• [Enhancement]: Replace enforce/audit (deprecated) with Enforce/Audit on sample policies

  #1061 opened 4 months ago by mohamedawnallah
  1

• [Enhancement]: Replace enforce/audit (deprecated) with Enforce/Audit on sample policies

  #1060 opened 4 months ago by mohamedawnallah
  1

• [Bug] Sync Secrets failing to keep secrets in sync

  #1056 opened 4 months ago by eitah
  4

• Extend chainsaw tests for additional container types

  #1012 opened 6 months ago by JimBugwadia
  1

• [Bug] ClusterCleanupPolicy works only the first time ?

  #1053 opened 5 months ago by amoscatellialmaviva
  2

• Mutate policy on existing resource not working only for k8s tls secret

  #1050 opened 5 months ago by hiteshp39
  2

• [Sample] Add variant of `disallow-capabilities` for service meshes

  #1039 opened 5 months ago by chipzoller
  0

• Question: exclusions to PodSecurity sub-rule

  #1040 opened 6 months ago by sachintiptur
  0

• [Bug] Generate rule on pod creation triggers twice

  #1034 opened 6 months ago by marevers
  1

• PolicyException for a pod with multiple violations

  #1017 opened 6 months ago by erkerb4
  4

• [Chainsaw Tests] Test generated VAPs of pod security cel policies with Chainsaw

  #1003 opened 6 months ago by Chandan-DK
  1

• Block Stale Images

  #986 opened 6 months ago by challakiran334
  0

• Add RoleBinding not working for EKS(aws k8s cluster)

  #984 opened 6 months ago by chokhareganesh
  7