pub/kyverno-2026-example
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
kyverno-2026-example/02-validation/02-security/test-resources/pod-insecure.yaml
Vassiliy Yegorov 34fbdd1412 init
2026-04-08 20:22:14 +07:00

22 lines
650 B
YAML
Raw Permalink Blame History

apiVersion: v1
kind: Pod
metadata:
name: pod-insecure
namespace: default
spec:
hostNetwork: true # нарушение: host namespace
hostPID: true # нарушение: host namespace
containers:
- name: app
image: nginx:1.25.3
securityContext:
privileged: true # нарушение: привилегированный контейнер
runAsUser: 0 # нарушение: запуск от root
capabilities:
add:
- SYS_ADMIN # нарушение: опасная capability
resources:
limits:
memory: "128Mi"
cpu: "100m"
Reference in New Issue View Git Blame Copy Permalink