Cluster Scoped KubeArmor Security Policy #1769

Open
daemon1024 opened this issue May 28, 2024 · 0 comments
Labels
enhancement New feature or request

daemon1024 commented May 28, 2024

Feature Request

Short Description

As a User, I want to apply a policy which is applicable across the cluster, where I should be able to mention exclusions.

Is your feature request related to a problem? Please describe the use case.

Need to write policies for each namespace manually

Describe the solution you'd like

Create a new CRD with ClusterKubeArmorSecurityPolicy. Example Policy:

apiVersion: security.kubearmor.com/v1
+kind: KubeArmorClusterPolicy
metadata:
  name: ksp-block-cis-tmp-no-exec
spec:
  tags: ["CIS"]
  message: "Alert! exec tmp!"
  selector:
+    exclude:
+         namespace:
+          - kube-system
+          - kubearmor
  process:
    severity: 1
    matchDirectories:
    - dir: /tmp/
      recursive: true
    action: Block
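
Review bot: the `+kind: KubeArmorClusterPolicy` line does not match the CRD name given in the sentence above the example, ClusterKubeArmorSecurityPolicy; settle on one kind name so policies written from this issue validate against the CRD that ships. Under `+    exclude:`, `namespace:` is indented nine spaces and its list items ten, while the rest of the policy uses two-space steps; it parses, but normalising it avoids copy-paste errors. The proposal should also state what a selector containing only `exclude` means (presumably every namespace except those listed, here kube-system and kubearmor) and whether the `Block` action on /tmp/ then extends to namespaces created after the policy is applied, since that default decides how far one policy reaches.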

Describe alternatives you've considered
Manually create for each namespace
