UNCLASSIFIED - NO CUI


kyvernoPolicies update to 3.3.4-bb.1

BB_AUTO_MR_TOKEN requested to merge update-kyverno-policies-tag-3.3.4-bb.1 into master

Package Merge Request

Package Changes

https://repo1.dso.mil/big-bang/product/packages/kyverno-policies/-/blob/3.3.4-bb.1/CHANGELOG.md

Adds default security context that does not run as root.

Package MR

big-bang/product/packages/kyverno-policies!219 (merged)

Policy exceptions for the add-default-securitycontext policy were copied from the require-non-root-group policy in Big Bang.

For Issue

Closes (big-bang/product/packages/kyverno-policies#141 (closed))

Upgrade Notices

Big Bang users should be aware that a new mutating Kyverno policy has been added. This policy will affect ALL pods not specifically excluded and will mutate the securityContext of ALL non-excluded pods to match the following non-root user securityContext: '{"fsGroup":65534,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534}'. Default exclusions were added mirroring the existing policy require-non-root-user. To add additional exclusions, go to bigbang/chart/templates/kyverno-policies/values.yaml and, under add-default-securitycontext:, look for exclude:, then add the exception.

Edited by Jasdeep Basra
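
A pre-upgrade check for the mutation described in the upgrade notice, as an added example that is not part of the merge request or the kyverno-policies package. It assumes the policy overwrites the four pod-level fields exactly as quoted and that exclusions are by namespace only; the `audit` function and the sample pods are constructed for illustration.

```python
# Pod-level securityContext quoted in the upgrade notice.
DEFAULT_SC = {"fsGroup": 65534, "runAsGroup": 65534,
              "runAsNonRoot": True, "runAsUser": 65534}

# Constructed sample pods (not taken from any real cluster).
SAMPLE_PODS = [
    {"metadata": {"namespace": "app", "name": "web"},
     "spec": {"containers": [{"name": "nginx"}]}},
    {"metadata": {"namespace": "app", "name": "legacy"},
     "spec": {"securityContext": {"runAsUser": 1000},
              "initContainers": [{"name": "init", "securityContext": {"runAsUser": 0}}],
              "containers": [{"name": "main"}]}},
    {"metadata": {"namespace": "app", "name": "ok"},
     "spec": {"securityContext": dict(DEFAULT_SC), "containers": [{"name": "main"}]}},
    {"metadata": {"namespace": "kube-system", "name": "proxy"},
     "spec": {"containers": [{"name": "proxy"}]}},
]

def audit(pods, excluded_namespaces):
    """Return {"namespace/name": [findings]} for pods the policy would change."""
    report = {}
    for pod in pods:
        meta, spec = pod["metadata"], pod["spec"]
        if meta["namespace"] in excluded_namespaces:
            continue  # Assumption: exclusions are modelled by namespace only.
        current = spec.get("securityContext") or {}
        # Assumption: the policy overwrites these pod-level fields as quoted.
        findings = [f"pod.{k}: {current.get(k)!r} -> {v!r}"
                    for k, v in sorted(DEFAULT_SC.items()) if current.get(k) != v]
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            csc = c.get("securityContext") or {}
            # Container-level fields override pod-level ones in Kubernetes.
            non_root = csc.get("runAsNonRoot", DEFAULT_SC["runAsNonRoot"])
            uid = csc.get("runAsUser", DEFAULT_SC["runAsUser"])
            if non_root and uid == 0:
                # The kubelet refuses to start a UID 0 container under runAsNonRoot.
                findings.append(f"container {c['name']}: runAsUser 0 conflicts with runAsNonRoot")
        if findings:
            report[f"{meta['namespace']}/{meta['name']}"] = findings
    return report

if __name__ == "__main__":
    for pod, findings in audit(SAMPLE_PODS, {"kube-system"}).items():
        print(pod)
        for finding in findings:
            print("  " + finding)
```

A manifest cannot show whether an image that defaults to root still works as UID 65534, so pods that only report field changes still need a functional check before the upgrade.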
