From 986e765efb302378e247af399b204ee677816762 Mon Sep 17 00:00:00 2001
From: Khaled Emara
Date: Mon, 12 Aug 2024 14:47:18 +0300
Subject: [PATCH] chore(ps): annotations

Signed-off-by: Khaled Emara
---
 .../set-privilege-escalation.yaml | 6 +++---
 .../mutate/set-run-as-non-root/set-run-as-non-root.yaml | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/pod-security/mutate/set-privilege-escalation/set-privilege-escalation.yaml b/pod-security/mutate/set-privilege-escalation/set-privilege-escalation.yaml
index 6560df0e0..8eda22120 100644
--- a/pod-security/mutate/set-privilege-escalation/set-privilege-escalation.yaml
+++ b/pod-security/mutate/set-privilege-escalation/set-privilege-escalation.yaml
@@ -7,11 +7,11 @@ metadata:
 policies.kyverno.io/category: Pod Security Standards (Mutate)
 policies.kyverno.io/severity: medium
 policies.kyverno.io/subject: Pod
- kyverno.io/kyverno-version: 1.6.0
- kyverno.io/kubernetes-version: "1.22-1.30"
+ kyverno.io/kyverno-version: 1.12.5
+ kyverno.io/kubernetes-version: "1.30"
 policies.kyverno.io/description: >-
 Privilege escalation, such as via set-user-ID or set-group-ID file mode, should not be allowed.
- This policy ensures the `allowPrivilegeEscalation` field is set to `false`.
+ This policy set the `allowPrivilegeEscalation` field to `false` if it's set to `true`.
 spec:
 validationFailureAction: Audit
 background: true
diff --git a/pod-security/mutate/set-run-as-non-root/set-run-as-non-root.yaml b/pod-security/mutate/set-run-as-non-root/set-run-as-non-root.yaml
index 4ee387f01..9764ccc53 100644
--- a/pod-security/mutate/set-run-as-non-root/set-run-as-non-root.yaml
+++ b/pod-security/mutate/set-run-as-non-root/set-run-as-non-root.yaml
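Review bot: The new description in set-privilege-escalation.yaml narrows the stated guarantee to "if it's set to `true`" and no longer says what happens when a container omits `allowPrivilegeEscalation`. An omitted field does not block escalation at runtime, so a reader cannot tell from this text whether such pods are hardened. The mutate rule is outside this hunk, so please confirm which cases it patches and word the line to match, for example `This policy sets the allowPrivilegeEscalation field to false when it is true or unset.` if unset fields are covered. The same gap applies to the `runAsNonRoot` description in set-run-as-non-root.yaml. The added line also reads "This policy set", which should be "sets".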
@@ -7,11 +7,11 @@ metadata:
 policies.kyverno.io/category: Pod Security Standards (Mutate)
 policies.kyverno.io/severity: medium
 policies.kyverno.io/subject: Pod
- kyverno.io/kyverno-version: 1.6.0
- kyverno.io/kubernetes-version: "1.22-1.30"
+ kyverno.io/kyverno-version: 1.12.5
+ kyverno.io/kubernetes-version: "1.30"
 policies.kyverno.io/description: >-
- Containers must be required to run as non-root users. This policy ensures
- `runAsNonRoot` is set to `true`.
+ Containers must be required to run as non-root users. This policy sets
+ `runAsNonRoot` is set to `true` if it's set to `false`.
 spec:
 validationFailureAction: Audit
 background: true
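Review bot: The two added description lines in set-run-as-non-root.yaml do not form a sentence: "This policy sets" runs into "`runAsNonRoot` is set to `true` if it's set to `false`", leaving a stray "is set". This annotation is the human-readable statement of what the mutation guarantees, so it should read cleanly, e.g. `Containers must be required to run as non-root users. This policy sets` followed by `runAsNonRoot to true if it is set to false.` with the existing backticks around the field and values kept.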