Commit 5827f58

Add docs for blocking host field using PSA
Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
1 parent 48f8ce3 commit 5827f58

1 file changed

+33
-0
lines changed

content/en/docs/concepts/security/pod-security-standards.md

Lines changed: 33 additions & 0 deletions
@@ -167,6 +167,39 @@ fail validation.
167167
</ul>
168168
</td>
169169
</tr>
170+
<tr>
171+
<td>Host Probes / Lifecycle Hooks (v1.34+)</td>
172+
<td>
173+
<p>The Host field in probes and lifecycle hooks must be disallowed.</p>
174+
<p><strong>Restricted Fields</strong></p>
175+
<ul>
176+
<li><code>spec.containers[*].livenessProbe.httpGet.host</code></li>
177+
<li><code>spec.containers[*].readinessProbe.httpGet.host</code></li>
178+
<li><code>spec.containers[*].startupProbe.httpGet.host</code></li>
179+
<li><code>spec.containers[*].livenessProbe.tcpSocket.host</code></li>
180+
<li><code>spec.containers[*].readinessProbe.tcpSocket.host</code></li>
181+
<li><code>spec.containers[*].startupProbe.tcpSocket.host</code></li>
182+
<li><code>spec.containers[*].lifecycle.postStart.tcpSocket.host</code>
183+
<li><code>spec.containers[*].lifecycle.preStop.tcpSocket.host</code>
184+
<li><code>spec.containers[*].lifecycle.postStart.httpGet.host</code></li>
185+
<li><code>spec.containers[*].lifecycle.preStop.httpGet.host</code></li>
186+
<li><code>spec.initContainers[*].livenessProbe.httpGet.host</code></li>
187+
<li><code>spec.initContainers[*].readinessProbe.httpGet.host</code></li>
188+
<li><code>spec.initContainers[*].startupProbe.httpGet.host</code></li>
189+
<li><code>spec.initContainers[*].livenessProbe.tcpSocket.host</code></li>
190+
<li><code>spec.initContainers[*].readinessProbe.tcpSocket.host</code></li>
191+
<li><code>spec.initContainers[*].startupProbe.tcpSocket.host</code></li>
192+
<li><code>spec.initContainers[*].lifecycle.postStart.tcpSocket.host</code>
193+
<li><code>spec.initContainers[*].lifecycle.preStop.tcpSocket.host</code>
194+
<li><code>spec.initContainers[*].lifecycle.postStart.httpGet.host</code></li>
195+
<li><code>spec.initContainers[*].lifecycle.preStop.httpGet.host</code></li>
196+
</ul>
197+
<p><strong>Allowed Values</strong></p>
198+
<ul>
199+
<li>Undefined/nil</li>
200+
</ul>
201+
</td>
202+
</tr>
170203
<tr>
171204
<td style="white-space: nowrap">AppArmor</td>
172205
<td>
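
Review bot: Four of the added list items are missing their closing </li> tag: the lifecycle.postStart.tcpSocket.host and lifecycle.preStop.tcpSocket.host entries under spec.containers[*] (new lines 182-183) and again under spec.initContainers[*] (new lines 192-193). Every other item in the list is closed, so please close these as well to keep the table markup well-formed. Two smaller points on the same hunk: the summary sentence on new line 173 says the Host field "must be disallowed", which reads awkwardly next to an "Allowed Values" list of "Undefined/nil"; wording such as "The host field in probes and lifecycle hooks must not be set" would be clearer and would match the lowercase field name used in the paths. Also, the neighbouring AppArmor row uses <td style="white-space: nowrap"> for its title cell while the new row on line 171 uses a bare <td>; with a title as long as "Host Probes / Lifecycle Hooks (v1.34+)", please confirm the wrapping is intentional.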
