Expand hostpath kyverno policies to include Persistent Volumes

Package Merge Request

Package Changes

Expand hostpath kyverno policies to include Persistent Volumes

Package MR

• https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno-policies/-/merge_requests/16
• https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno-policies/-/merge_requests/17

For Issue

Closes https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno-policies/-/issues/5

chart/templates/kyverno/policies/values.yaml

@@ -394,6 +394,12 @@ policies:
       {{- end }}
     {{- end }}
 
+  # NOTE: This restricts the ability to have PVCs when using a local path provisioner storage class (i.e. k3d default).
+  # To override either disable this policy (not ideal) or add an allowed wildcard matching where local paths are provisioned.
+  # See `/docs/example_configs/policy-overrides-k3d.yaml` for an example of how to do this for k3d.
+  restrict-host-path-mount-pv:
+    validationFailureAction: audit
+
   restrict-host-path-write:
     validationFailureAction: enforce
     {{- if .Values.twistlock.enabled }}