fix(kyverno): add NET_RAW to gluetun exception, remove apparmor

jfroy · Sep 12, 2024 · d34a5ec · d34a5ec
1 parent cd14e03
commit d34a5ec
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/kubernetes/apps/kyverno/kyverno-policies/app/clusterpolicy.yaml b/kubernetes/apps/kyverno/kyverno-policies/app/clusterpolicy.yaml
@@ -13,8 +13,8 @@ metadata:
     policies.kyverno.io/subject: Pod
     policies.kyverno.io/description: >-
       This policy enforces the latest version of the Pod Security Standards baseline profile by
-      default cluster wide. This policy allows NET_ADMIN in capabilities and Unconfined AppArmor for
-      gluetun containers on pods with the label "gluetun=true".
+      default cluster wide. This policy allows capabilities for gluetun containers on pods with the
+      label "gluetun=true".
 spec:
   background: true
   validationFailureAction: Enforce
@@ -67,7 +67,7 @@ spec:
               restrictedField: spec.initContainers[*].securityContext.capabilities.add
               values:
                 - NET_ADMIN
-            - controlName: AppArmor
+                - NET_RAW
 ---
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy