-
Some policies can be "context-aware", these policies have `context-aware` key inside of their JSON definition:
```json
{
"name": "foo",
"description": "foo descr",
"homepage": "https://gi…
-
Hey.
I'm trying to follow the quickstart guide but hitting issues, presumably i'm doing something daft, hope you can tell me where i'm going wrong.
```bash
minikube start
helm repo add kubewarde…
-
When the user has a policy server with some `clusteradmissionpolicy` resources attached to it and try to delete it, it is possible to see this error message in the controller logs:
```
2021-10-26T…
jvanz updated
2 years ago
-
Right now the policy-server deployment has hard-coded values that cannot be changed by the user.
We should allow the users to tune these aspects of policy-server:
* [x] https://github.com/kubewa…
-
Create a new Kubewarden policy that can be used to replace the [`ReadOnlyRootFilesystem`](https://kubernetes.io/docs/concepts/policy/pod-security-policy/#volumes-and-file-systems) official PSP.
## …
-
Adding metrics can help to improve observability.
For example:
* Number of policies are loaded into the policy server
* Mean response time of the policies, generally speaking but also at a policy…
-
The goal of this metric is to allow an operator to understand the latency introduced by the evaluation of policies.
The policy provides also some labels, that can be used to filter the metric and p…
-
The original Kubernetes PSP featured also a `DefaultAllowPrivilegeEscalation` option.
Quoting the [official docs](https://kubernetes.io/docs/concepts/policy/pod-security-policy/#privilege-escalatio…
-
Create a Kubewarden policy that can replace the [FSGroup PSP](https://kubernetes.io/docs/concepts/policy/pod-security-policy#volumes-and-file-systems).
The policy validates the presence/absence/val…
-
When I update the `pod-privileged` policy (because of kubewarden/kubewarden.io#26), `helm` just reports
> clusteradmissionpolicy.policies.kubewarden.io/privileged-pods configured
So I looked at th…