identw · January 31, 2024 22:26
diff --git a/kyverno.yaml b/kyverno.yaml
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-host-namespaces
 spec:
  background: true
  failurePolicy: Fail
  rules:
  - match:
      any:
      - resources:
          kinds:
          - Pod
    name: host-namespaces
    validate:
      message: Sharing the host namespaces is disallowed. The fields spec.hostNetwork,
        spec.hostIPC, and spec.hostPID must be unset or set to `false`.
      pattern:
        spec:
          =(hostIPC): "false"
          =(hostPID): "false"
  validationFailureAction: Enforce
	apiVersion: kyverno.io/v1
	kind: ClusterPolicy
	metadata:
	name: disallow-host-namespaces
	spec:
	background: true
	failurePolicy: Fail
	rules:
	- match:
	any:
	- resources:
	kinds:
	- Pod
	name: host-namespaces
	validate:
	message: Sharing the host namespaces is disallowed. The fields spec.hostNetwork,
	spec.hostIPC, and spec.hostPID must be unset or set to `false`.
	pattern:
	spec:
	=(hostIPC): "false"
	=(hostPID): "false"
	validationFailureAction: Enforce