Merge pull request #375 from jvanz/issue374

flavio · web-flow · commit 74b06ac18865 · 2024-01-24T09:27:41.000+01:00
fix: mutating policies targets pod only.
diff --git a/charts/kubewarden-defaults/templates/allow-privileged-escalation-policy.yaml b/charts/kubewarden-defaults/templates/allow-privileged-escalation-policy.yaml
@@ -19,18 +19,6 @@ spec:
       apiVersions: ["v1"]
       resources: ["pods"]
       operations: ["CREATE"] # kubernetes doesn't allow to add/remove privileged containers to an already running pod
-    - apiGroups: [""]
-      apiVersions: ["v1"]
-      resources: ["replicationcontrollers"]
-      operations: ["CREATE", "UPDATE"]
-    - apiGroups: ["apps"]
-      apiVersions: ["v1"]
-      resources: ["deployments","replicasets","statefulsets","daemonsets"]
-      operations: ["CREATE", "UPDATE"]
-    - apiGroups: ["batch"]
-      apiVersions: ["v1"]
-      resources: ["jobs","cronjobs"]
-      operations: ["CREATE", "UPDATE"]
   mutating: true
   settings:
     default_allow_privilege_escalation: false
diff --git a/charts/kubewarden-defaults/templates/user-group-policy.yaml b/charts/kubewarden-defaults/templates/user-group-policy.yaml
@@ -19,18 +19,6 @@ spec:
       apiVersions: ["v1"]
       resources: ["pods"]
       operations: ["CREATE"] # kubernetes doesn't allow to add/remove privileged containers to an already running pod
-    - apiGroups: [""]
-      apiVersions: ["v1"]
-      resources: ["replicationcontrollers"]
-      operations: ["CREATE", "UPDATE"]
-    - apiGroups: ["apps"]
-      apiVersions: ["v1"]
-      resources: ["deployments","replicasets","statefulsets","daemonsets"]
-      operations: ["CREATE", "UPDATE"]
-    - apiGroups: ["batch"]
-      apiVersions: ["v1"]
-      resources: ["jobs","cronjobs"]
-      operations: ["CREATE", "UPDATE"]
   mutating: true
   settings:
     run_as_user:
