UNCLASSIFIED - NO CUI

Kyverno Policies: Remove disallow-shared-subpath-volume-writes policy

mr-bot requested to merge update-kyverno-policies-tag-1.1.0-bb.0 into master

Package Merge Request

Package Changes

https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno-policies/-/blob/1.1.0-bb.0/CHANGELOG.md

Additionally, this MR re-enables the image signature policy in CI, with a commented-out IB key to prevent the bug with this policy.

Package MR

https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno-policies/-/merge_requests/61

Release upgrade notice

Kyverno Policies:

  • This release completely removes the disallow-shared-subpath-volume-writes policy
  • This policy was intended to prevent exploitation of a CVE in older k8s versions; however, all vulnerable k8s versions are now EOL
  • If you do not upgrade the Kyverno Policies package this release, you will need to disable this policy or add exceptions for a number of packages; the necessary exceptions for this policy are no longer maintained by Big Bang
  • To disable the policy entirely, use the values below:
    kyvernopolicies:
      values:
        policies:
          disallow-shared-subpath-volume-writes:
            enabled: false
Edited by Micah Nagel