Kyverno ephemeral containers
General MR
Summary
Adding block-ephemeral-containers policy and test
Relevant logs/screenshots
Link to BB MR: big-bang/bigbang!5420 (closed)
Pods created in test manifests have limited permissions and cannot execute kubectl commands therefore a separate test script was created: test-ephemeral.sh
Test Script shows the policy sucessfully denies execution of kubectl debug command:
Linked Issue
Upgrade Notices
N/A
Edited by Jasdeep Basra