kubeeye/checks/dangerousCapabilities.yaml

#successMessage: Container does not have any dangerous capabilities
promptMessage: Container should not have dangerous capabilities
category: Security
target: Container
schema:
  '$schema': http://json-schema.org/draft-07/schema
  type: object
  properties:
    securityContext:
      type: object
      properties:
        capabilities:
          type: object
          properties:
            add:
              type: array
              not:
                contains:
                  const: ALL
              not:
                contains:
                  const: SYS_ADMIN
              not:
                contains:
                  const: NET_ADMIN
update prompt message and diags 2020-12-25 17:20:10 +08:00			`#successMessage: Container does not have any dangerous capabilities`
			`promptMessage: Container should not have dangerous capabilities`
add checklists 2020-12-16 16:36:47 +08:00			`category: Security`
			`target: Container`
			`schema:`
			`'$schema': http://json-schema.org/draft-07/schema`
			`type: object`
			`properties:`
			`securityContext:`
			`type: object`
			`properties:`
			`capabilities:`
			`type: object`
			`properties:`
			`add:`
			`type: array`
			`not:`
			`contains:`
			`const: ALL`
			`not:`
			`contains:`
			`const: SYS_ADMIN`
			`not:`
			`contains:`
			`const: NET_ADMIN`