Update PSS with 1.25 changes
As of 1.25, in a Pod the spec.os is now enforced and obeyed, whereas previously it was null. See blog here. The PSS policies need to be updated so that the three mentioned controls in the Restricted profile only take effect if the spec.os is ≠ windows.
Kyverno 1.8.0 is the first version that will be able to get the API server's version (by requesting /version). Prior to kubelet 1.24, spec.os could be set yet wasn't enforced. This means that updating the PSS policies appropriately with the relaxed controls for running on Windows requires a minimum version of Kyverno 1.8.0, or else it could mean policy circumvention.
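
The version dependency described in this issue, modeled as an added example (not Kyverno code and not part of the original issue). The function names, the sample Pod, the use of the allowPrivilegeEscalation check as the sample control, and the 1.25 threshold taken from the issue's first sentence are all assumptions.

```python
# Added illustration: models the decision the issue describes, not Kyverno code.
# All names (restricted_control_applies, MISLABELED_POD, ...) are hypothetical.

def parse_minor(git_version):
    """Return (major, minor) from a /version gitVersion string such as 'v1.25.0'."""
    major, minor = git_version.lstrip("v").split(".")[:2]
    # Some distributions report a suffixed minor such as '24+'; keep digits only.
    return int(major), int("".join(c for c in minor if c.isdigit()))

def restricted_control_applies(pod, server_version=None):
    """Decide whether a Linux-only Restricted control must be evaluated.

    server_version=None models a policy engine that cannot query /version
    and therefore has to trust spec.os unconditionally.
    """
    os_name = ((pod.get("spec") or {}).get("os") or {}).get("name")
    if os_name != "windows":
        return True      # Linux or unset: always enforce
    if server_version is None:
        return False     # naive: exemption granted on the field alone
    # Honor the exemption only where the cluster enforces spec.os
    # (assumed threshold: 1.25, per the issue text).
    return parse_minor(server_version) < (1, 25)

def violates_privilege_escalation(pod, server_version=None):
    """Sample control: every container must set allowPrivilegeEscalation=false."""
    if not restricted_control_applies(pod, server_version):
        return False
    return any(
        (c.get("securityContext") or {}).get("allowPrivilegeEscalation") is not False
        for c in pod["spec"].get("containers", [])
    )

# Constructed sample: a workload that declares spec.os.name=windows
# while requesting a setting the Restricted profile forbids on Linux.
MISLABELED_POD = {
    "spec": {
        "os": {"name": "windows"},
        "containers": [
            {"name": "app", "securityContext": {"allowPrivilegeEscalation": True}}
        ],
    }
}

if __name__ == "__main__":
    for version in (None, "v1.23.4", "v1.25.0"):
        print(version, violates_privilege_escalation(MISLABELED_POD, version))
```

Without a server version the mislabeled Pod passes the check; with the version available it is still flagged on a cluster where spec.os is not enforced.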