How the policy works

This Kubewarden Policy is a replacement for the Kubernetes Pod Security Policy that enforces the usage of ReadOnlyRootFilesystems.

How the policy works

The policy inspects the securityContext of each container defined inside of a Pod and ensures all the containers have the readOnlyRootFilesystem attribute set to true.

The policy checks the both the pod.spec.containers and the init containers too.

Containers that do not have a securityContext defined are rejected too. That happens because, by default, the root filesystem of a container is considered to be writable.

Ephemeral containers are not checked because, by Kubernetes definition, they cannot have a securityContext.

Configuration

The policy doesn't have any configuration.

Name		Name	Last commit message	Last commit date
Latest commit History 291 Commits
.github		.github
src		src
.gitignore		.gitignore
CODEOWNERS		CODEOWNERS
CONTRIBUTING.md		CONTRIBUTING.md
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
artifacthub-repo.yml		artifacthub-repo.yml
hub.yml		hub.yml
metadata.yml		metadata.yml
renovate.json		renovate.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

How the policy works

Configuration

About

Uh oh!

Releases 16

Packages

Uh oh!

Uh oh!

Contributors 10

Uh oh!

Languages

License

kubewarden/readonly-root-filesystem-psp-policy

Folders and files

Latest commit

History

Repository files navigation

How the policy works

Configuration

About

Topics

Resources

License

Contributing

Uh oh!

Stars

Watchers

Forks

Releases 16

Packages 0

Uh oh!

Uh oh!

Contributors 10

Uh oh!

Languages

Packages