Skip to content
/ hostpaths-psp-policy Public
generated from kubewarden/go-policy-template

Replacement for the Kubernetes Pod Security Policy that controls the usage of hostpaths

kubewarden.io

License

Apache-2.0 license
3 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kubewarden/hostpaths-psp-policy

3 Branches12 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

flavioflavio
Merge pull request #61 from kubewarden/renovate/github-actions
Mar 28, 2025
783d106 · Mar 28, 2025

History

162 Commits
.github
.github
Mar 28, 2025
test_data
test_data
Aug 12, 2021
vendor
vendor
Jun 24, 2024
.gitignore
.gitignore
Aug 4, 2021
CODEOWNERS
CODEOWNERS
Feb 7, 2022
LICENSE
LICENSE
Aug 4, 2021
Makefile
Makefile
Mar 20, 2025
README.md
README.md
May 31, 2024
artifacthub-repo.yml
artifacthub-repo.yml
Jul 19, 2022
e2e.bats
e2e.bats
Jan 26, 2022
go.mod
go.mod
Mar 10, 2025
go.sum
go.sum
Jun 24, 2024
hub.yml
hub.yml
Dec 3, 2021
main.go
main.go
Aug 4, 2021
metadata.yml
metadata.yml
Mar 20, 2025
questions-ui.yml
questions-ui.yml
Feb 17, 2023
renovate.json
renovate.json
Mar 7, 2025
settings.go
settings.go
Aug 3, 2023
settings.sample.json
settings.sample.json
Aug 10, 2021
settings_test.go
settings_test.go
Aug 11, 2021
validate.go
validate.go
Aug 12, 2021
validate_test.go
validate_test.go
Mar 29, 2023

Repository files navigation

Kubewarden Policy Repository Stable

psp-hostpaths-policy

Replacement for the Kubernetes Pod Security Policy that controls the usage of hostPath volumes. The policy inspects both the containers and the init containers that are using hostPath volumes.

Settings

allowedHostPaths:
- pathPrefix: "/foo"
  readOnly: true
- pathPrefix: "/bar"
  readOnly: false

allowedHostPaths is a list of host paths that are allowed to be used by hostPath volumes.

An empty allowedHostPaths list means there is no restriction on host paths used.

Each entry of allowedHostPaths must have:

  • A pathPrefix field, which allows hostPath volumes to mount a path that begins with an allowed prefix.
  • a readOnly field indicating it must be mounted read-only.

Special behaviour

It's possible to have host paths sharing part of the prefix. In that case, the readOnly attribute of the most specific path takes precedence.

For example, given the following configuration:

allowedHostPaths:
- pathPrefix: "/foo"
  readOnly: false
- pathPrefix: "/foo/bar"
  readOnly: true

Paths such as /foo/bar/dir1, /foo/bar must be read only.

About

Replacement for the Kubernetes Pod Security Policy that controls the usage of hostpaths

kubewarden.io

Topics

kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

3 stars

Watchers

5 watching

Forks

3 forks
Report repository

Releases 12

v0.1.11 Latest
Jan 20, 2025
+ 11 releases

Packages 2

Contributors 9

Languages