kyvernoPolicies update to 3.3.4-bb.1
Package Merge Request
Package Changes
https://repo1.dso.mil/big-bang/product/packages/kyverno-policies/-/blob/3.3.4-bb.1/CHANGELOG.md
Adds default security context that does not run as root.
Package MR
big-bang/product/packages/kyverno-policies!219 (merged)
Policy exceptions for the add-defaultsecuritycontext policy were copied from the require-non-rootgroup policy in Big Bang.
For Issue
Closes (big-bang/product/packages/kyverno-policies#141 (closed))
Upgrade Notices
Big Bang users should be aware that a new mutating Kyverno policy has been added. This policy will affect ALL pods not specifically excluded and will mutate the securityContext of ALL non-excluded pods to match the following non-root user securityContext: '{"fsGroup":65534,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534}'. Default exclusions were added mirroring the existing policy require-non-root-user. To add additional exclusions, go to bigbang/chart/templates/kyverno-policies/values.yaml, find exclude: under add-default-securitycontext:, and add the exception there.
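A pre-upgrade check for the notice above, as an added example that is not part of this merge request or the kyverno-policies package: it lists pods whose pod-level securityContext leaves the default fields unset or sets them to a different value, so they can be reviewed or excluded before the policy is enabled. The function name `review_pods`, the sample pods and the namespace-only exclusion are assumptions; the real policy's exclude block may match on more than namespaces, and container-level securityContext is not inspected here.

```python
import json
import sys

# Pod securityContext quoted in the upgrade notice.
DEFAULT_SC = {"fsGroup": 65534, "runAsGroup": 65534,
              "runAsNonRoot": True, "runAsUser": 65534}


def review_pods(pod_list, excluded_namespaces=()):
    """Compare each pod's pod-level securityContext with DEFAULT_SC.

    "missing": pods that leave a default field unset and set none differently.
    "differs": pods that explicitly set a field to another value.
    """
    report = {"missing": [], "differs": []}
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        ns = meta.get("namespace", "default")
        if ns in excluded_namespaces:  # assumption: exclusion by namespace only
            continue
        sc = pod.get("spec", {}).get("securityContext") or {}
        missing = sorted(k for k in DEFAULT_SC if k not in sc)
        differs = {k: sc[k] for k in DEFAULT_SC
                   if k in sc and sc[k] != DEFAULT_SC[k]}
        ref = f"{ns}/{meta.get('name', '<unnamed>')}"
        if differs:
            report["differs"].append((ref, differs))
        elif missing:
            report["missing"].append((ref, missing))
    return report


# Constructed sample in the shape of `kubectl get pods -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "app", "name": "web"}, "spec": {}},
    {"metadata": {"namespace": "app", "name": "legacy-db"},
     "spec": {"securityContext": {"runAsUser": 0, "fsGroup": 65534}}},
    {"metadata": {"namespace": "app", "name": "ok"},
     "spec": {"securityContext": dict(DEFAULT_SC)}},
    {"metadata": {"namespace": "kube-system", "name": "proxy"}, "spec": {}},
]}

if __name__ == "__main__":
    # Pass a saved `kubectl get pods -A -o json` file, or run on the sample.
    pods = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for kind, rows in review_pods(pods, {"kube-system"}).items():
        for ref, detail in rows:
            print(f"{kind:8} {ref}: {detail}")
```

Pods reported under "differs" (for example one that sets runAsUser to 0) are the ones most likely to need an entry under exclude: or a change to the workload itself.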