UNCLASSIFIED - NO CUI

Skip to content

Kyverno Policies: Remove disallow-shared-subpath-volume-writes policy

mr-bot requested to merge update-kyverno-policies-tag-1.1.0-bb.0 into master

Package Merge Request

Package Changes

https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno-policies/-/blob/1.1.0-bb.0/CHANGELOG.md

Additionally this MR re-enables the image signature policy in CI, with a commented out IB key to prevent the bug with this policy.

Package MR

https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno-policies/-/merge_requests/61

Release upgrade notice

Kyverno Policies:

  • This release completely removes the disallow-shared-subpath-volume-writes policy
  • This policy was intended to prevent exploitation of a CVE in older k8s versions, however all vulnerable k8s versions are now EOL
  • If you do not upgrade the Kyverno Policies package this release you will need to disable this policy or add exceptions for a number of packages, the necessary exceptions for this policy are no longer maintained by Big Bang
  • To disable the policy entirely use the below values:
    kyvernopolicies:
      values:
        policies:
          disallow-shared-subpath-volume-writes:
            enabled: false
Edited by Micah Nagel

Merge request reports

Loading