You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
By default, wiz ignores only resources in the kube-system namespace. Which is reasonable but another exclusion must me made for wiz resources itself.
By default, wiz pods are not passing Kubernetes pod security standard, especially this rule -Pod should run containers with the runtime/default seccomp profile
In a future, there can be more.
This leads to an inability to update/upgrade wiz resources with K8S admission policy set to block.
Please, come up with a solution to exclude wiz resources by default. For example, it can be done via assigned kubernetes labels on all wiz resources.
Plus, documentation should explicitly state that these resources are excluded.
The text was updated successfully, but these errors were encountered:
Hello folks,
By default, wiz ignores only resources in the kube-system namespace. Which is reasonable but another exclusion must me made for wiz resources itself.
By default, wiz pods are not passing Kubernetes pod security standard, especially this rule -Pod should run containers with the runtime/default seccomp profile
In a future, there can be more.
This leads to an inability to update/upgrade wiz resources with K8S admission policy set to block.
Please, come up with a solution to exclude wiz resources by default. For example, it can be done via assigned kubernetes labels on all wiz resources.
Plus, documentation should explicitly state that these resources are excluded.
The text was updated successfully, but these errors were encountered: