UNCLASSIFIED - NO CUI

Snippets Groups Projects

Merged BB_AUTO_MR_TOKEN requested to merge update-kyverno-policies-tag-3.3.4-bb.1 into master 4 months ago

Package Merge Request

Package Changes

https://repo1.dso.mil/big-bang/product/packages/kyverno-policies/-/blob/3.3.4-bb.1/CHANGELOG.md Adds default security context that does not run as root.

Package MR

big-bang/product/packages/kyverno-policies!219 (merged)

Policy exceptions for add-defaultsecuritycontext policy were copied from require-non-rootgroup policy in Bigbang

For Issue

Closes (big-bang/product/packages/kyverno-policies#141 (closed))

Upgrade Notices

BigBang users should be aware that a new mutating kyverno policy has been added. This policy will effect ALL pods not specifically excluded and will mutate the securityContext of ALL non-excluded pods to match the following non-root user securitycontext: '{"fsGroup":65534,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534}' . Default exclusions were added mirroring the existing policy require-non-root-user. To add additional exclusions go to bigbang/chart/templates/kyverno-policies/values.yaml and under add-default-securitycontext: look for exclude: then add the exception.

Edited 2 months ago by Jasdeep Basra

Activity

**** added botmr kyvernoPolicies statusdoing labels 4 months ago

added botmr kyvernoPolicies statusdoing labels
**** assigned to @jasdeep.s.basra 4 months ago

assigned to @jasdeep.s.basra
**** changed the description 4 months ago

changed the description
**** requested review from @chris.oconnell, @michaelmartin, and @andrewshoell 4 months ago

requested review from @chris.oconnell, @michaelmartin, and @andrewshoell
Jasdeep Basra added 1 commit 4 months ago
added 1 commit

b2ee50fe - Copied policy exceptions from require-non-root-group to new policy add-defaultusercontext

Compare with previous version
Jasdeep Basra added debug label 4 months ago

added debug label
Jasdeep Basra removed debug label 4 months ago

removed debug label
Jasdeep Basra removed statusdoing label 4 months ago

removed statusdoing label
Jasdeep Basra added statusreview label 4 months ago

added statusreview label
Jasdeep Basra marked this merge request as ready 4 months ago

marked this merge request as ready
Jasdeep Basra changed the description 4 months ago

changed the description
Jasdeep Basra marked this merge request as draft 4 months ago

marked this merge request as draft
Jasdeep Basra added all-packages label 4 months ago

added all-packages label
Jasdeep Basra removed statusreview label 4 months ago

removed statusreview label
Jasdeep Basra added debug label 4 months ago

added debug label
Jasdeep Basra added statusdoing label 4 months ago

added statusdoing label
Bulat Khamitov added 8 commits 4 months ago
added 8 commits

d98604e2 - gitlab update to 8.6.2-bb.0

c0042acb - elasticsearchKibana update to 1.24.0-bb.0

90e946dd - add in 2.41 Release and stand down

6f4689b1 - externalSecrets update to 0.11.0-bb.1

b387b47b - Gateway tls bug

69156ca2 - elasticsearchKibana update to 1.24.0-bb.1

4c3ec3ee - Update Default Mattermost Values

db030b19 - update labels for flux renovate issue

Compare with previous version
Toggle commit list
Bulat Khamitov added 18 commits 4 months ago
added 18 commits

db030b19...98eae109 - 16 commits from branch master

34b6a818 - Updated kyvernoPolicies git tag

d31c5d7f - Copied policy exceptions from require-non-root-group to new policy add-defaultusercontext

Compare with previous version
Bulat Khamitov removed all-packages label 4 months ago

removed all-packages label
Jasdeep Basra added all-packages label 4 months ago

added all-packages label

Please register or sign in to reply

UNCLASSIFIED - NO CUI