This repository was archived by the owner on Jun 1, 2025. It is now read-only.
2025.3.10
Usage
Specify one or more of the available overlays in your local kustomization.yaml:
```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # use the 'all' overlay to get all available policies
  - https://github.com/metio/vap-collection//overlays/all/?ref=2025.3.10
  # or select individual overlay for specific policies
  - https://github.com/metio/vap-collection//overlays/best-practices/?ref=2025.3.10
  - https://github.com/metio/vap-collection//overlays/pod-security-standards-baseline/?ref=2025.3.10
  - https://github.com/metio/vap-collection//overlays/pod-security-standards-restricted/?ref=2025.3.10
```

Check the migration guide for any required actions on your part.
What's Changed
- extend restrict-container-capabilities to jobs by @sebhoss in #7
- add ban-host-path-usage policy by @sebhoss in #8
- ban host namespace usage by @sebhoss in #9
- add ban-privileged-containers policy by @sebhoss in #10
- add restrict-seccomp-profile-types policy by @sebhoss in #11
- add restrict-proc-mount-type policy by @sebhoss in #12
- add require-disabled-privilege-escalation policy by @sebhoss in #13
- add restrict-selinux-types policy by @sebhoss in #14
- add ban-selinux-user policy by @sebhoss in #15
- add ban-selinux-role policy by @sebhoss in #16
- add ban-host-process policy by @sebhoss in #17
- add ban-or-restrict-host-ports policy by @sebhoss in #18
- add restrict-apparmor-types policy by @sebhoss in #19
- add ban-apparmor-annotation policy by @sebhoss in #20
- add ban-nodeport-services policy by @sebhoss in #21
- add ban-localhost-services policy by @sebhoss in #22
- add ban-external-ip-services policy by @sebhoss in #23
- add ban-sa-automount-sa-token policy by @sebhoss in #24
- add ban-pod-automount-sa-token policy by @sebhoss in #25
Full Changelog: 2025.3.3...2025.3.10