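---
# Kyverno ClusterPolicy that rejects Pods running containers in privileged
# mode. A privileged container has nearly unrestricted access to the host's
# kernel and devices, so this is a baseline admission control.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: disallow-privileged
spec:
  # Enforce blocks a non-compliant admission request instead of only
  # reporting the violation.
  validationFailureAction: Enforce
  # Also evaluate resources that already exist in the cluster and report
  # violations for them, not just new admission requests.
  background: true
  rules:
    - name: check-privileged
      match:
        resources:
          kinds:
            - Pod
      validate:
        message: "Privileged mode is not allowed."
        pattern:
          spec:
            # Init and ephemeral containers carry their own securityContext.
            # Checking only spec.containers would leave both lists free to
            # request privileged mode. The =(...) anchor applies the nested
            # pattern only when the list is present, so Pods without these
            # container types are unaffected.
            =(ephemeralContainers):
              - securityContext:
                  privileged: "false"
            =(initContainers):
              - securityContext:
                  privileged: "false"
            # NOTE(review): without anchors, securityContext.privileged is
            # expected to be set explicitly to false on every container, so
            # a container that omits the field is rejected as well. If unset
            # should be accepted, use =(securityContext) and =(privileged).
            containers:
              - securityContext:
                  privileged: "false"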
- Pod
validate:
message: "Privileged mode is not allowed."
pattern:
spec:
containers: