Closed flavio closed 3 years ago
On PodSecurityPolicies the allowed host port range is a list of ranges, such as:
hostPorts:
- min: 0
  max: 65535
This policy could allow this instead of the proposed settings, by allowing a list of allowedHostPortRanges, such as:
allowedHostPortRanges:
- portMin: 80
  portMax: 443
- portMin: 8000
  portMax: 8443
in a single policy instance.
~@flavio do we want to add allowedHostPaths as well on this policy?~
NVM, just saw https://github.com/kubewarden/policy-hub/issues/26, sorry.
Implemented in https://github.com/kubewarden/psp-host-namespaces.
The only remaining bit is the notifying of the policy hub.
Write a Kubewarden policy that implements the host namespaces psp.
Configuration
Default behaviour of the configuration knobs
hostPID and hostIPC and hostNetwork: they are all false
allowedHostPortRange: when empty, no host port can be used
Settings validation:
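Added example, not part of the issue or of the psp-host-namespaces code: a Rust sketch of the check described here, with the three host namespace knobs defaulting to false and a host port accepted only when it falls inside one of the listed ranges. The struct and field names and the simplified pod model are assumptions.

```rust
// Added example: struct and field names are assumptions modelled on the
// settings named in the issue, not the policy's real types.
#[derive(Default)]
struct Settings {
    allow_host_pid: bool,     // hostPID knob, default false
    allow_host_ipc: bool,     // hostIPC knob, default false
    allow_host_network: bool, // hostNetwork knob, default false
    // (portMin, portMax) pairs, inclusive; empty means no host port may be used
    allowed_host_port_ranges: Vec<(u16, u16)>,
}

// The parts of a pod spec this check looks at (constructed, simplified model).
#[derive(Default)]
struct PodSpec {
    host_pid: bool,
    host_ipc: bool,
    host_network: bool,
    host_ports: Vec<u16>, // every hostPort set on containers and init containers
}

// Returns one message per violation; an empty vector means the pod is accepted.
fn violations(s: &Settings, pod: &PodSpec) -> Vec<String> {
    let mut out = Vec::new();
    let flags = [
        ("hostPID", pod.host_pid, s.allow_host_pid),
        ("hostIPC", pod.host_ipc, s.allow_host_ipc),
        ("hostNetwork", pod.host_network, s.allow_host_network),
    ];
    for (name, requested, allowed) in flags {
        if requested && !allowed {
            out.push(format!("{} is not allowed", name));
        }
    }
    for &port in &pod.host_ports {
        let ok = s.allowed_host_port_ranges.iter().any(|&(min, max)| (min..=max).contains(&port));
        if !ok {
            out.push(format!("host port {} is outside the allowed ranges", port));
        }
    }
    out
}

fn main() {
    // Constructed sample: the two ranges from the comment above.
    let settings = Settings { allowed_host_port_ranges: vec![(80, 443), (8000, 8443)], ..Default::default() };
    let pod = PodSpec { host_network: true, host_ports: vec![443, 9000], ..Default::default() };
    for v in violations(&settings, &pod) {
        println!("{}", v);
    }
}
```

With default settings every host port is rejected, because no range can match an empty list.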