Skip to content

feat: added VAP example to enforce security defaults for podTemplate spec#308

Open
vicentefb wants to merge 1 commit intokubernetes-sigs:mainfrom
vicentefb:VAP
Open

feat: added VAP example to enforce security defaults for podTemplate spec#308
vicentefb wants to merge 1 commit intokubernetes-sigs:mainfrom
vicentefb:VAP

Conversation

@vicentefb
Copy link
Member

@vicentefb vicentefb commented Feb 11, 2026
edited
Loading

fixes #262 , #261

This PR introduces a VAP example with 16 distinct security controls across all containers, init containers, and ephemeral containers in a Sandbox pod. Key enforcements include:

  • Runtime & Scheduling: Mandates runtimeClassName: gvisor and enforces the necessary nodeSelector and tolerations to ensure workloads land on isolated node pools.
  • Node & Network Isolation: Strictly prohibits hostNetwork, hostPID, hostIPC, and hostPort usage to prevent node metadata exposure and namespace leaks.
  • Identity Isolation: Enforces automountServiceAccountToken: false and explicitly blocks Projected volumes from mounting ServiceAccount tokens or Pod Certificates (ClusterTrustBundle).
  • Filesystem & Kernel Hardening: Blocks hostPath volumes, unmasked procMount paths, and custom sysctls.
  • Privilege Escalation & Defense in Depth: Blocks privileged containers, requires processes to runAsNonRoot (properly evaluating Pod-level inheritance), strictly mandates dropping ALL Linux capabilities, and prevents any from being added back via capabilities.add.
  • DoS Protection: Enforces CPU and Memory resource limits on all containers to prevent noisy-neighbor node starvation.

This PR also includes an integration test (examples/policy/vap/policy_test.go).

Utilizes sigs.k8s.io/controller-runtime/pkg/envtest to spin up a local Kubernetes v1.30 API server.

Verifies the CEL expressions by applying the VAP and intentionally attempting to create Sandboxes with isolated vulnerabilities (e.g., privileged containers, wrong runtime classes, malicious volume mounts).

@netlify
Copy link

netlify bot commented Feb 11, 2026
edited
Loading

Deploy Preview for agent-sandbox canceled.

Name Link
🔨 Latest commit 8a4709b
🔍 Latest deploy log https://app.netlify.com/projects/agent-sandbox/deploys/699f4b34fbb8ad000897b655

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Feb 11, 2026
acsoto
acsoto reviewed Feb 11, 2026
View reviewed changes
@vicentefb vicentefb requested a review from acsoto February 11, 2026 03:55
acsoto
acsoto reviewed Feb 11, 2026
View reviewed changes
@vicentefb vicentefb requested a review from acsoto February 11, 2026 17:27
tomergee
tomergee reviewed Feb 12, 2026
View reviewed changes
mtaufen
mtaufen reviewed Feb 12, 2026
View reviewed changes
mtaufen
mtaufen reviewed Feb 12, 2026
View reviewed changes
mtaufen
mtaufen reviewed Feb 12, 2026
View reviewed changes
mtaufen
mtaufen reviewed Feb 12, 2026
View reviewed changes
mtaufen
mtaufen reviewed Feb 12, 2026
View reviewed changes
@vicentefb vicentefb force-pushed the VAP branch 2 times, most recently from 2692691 to c2f182b Compare February 12, 2026 23:45
@vicentefb vicentefb requested a review from mtaufen February 12, 2026 23:45
@vicentefb
Copy link
Member Author

vicentefb commented Feb 13, 2026

/test presubmit-agent-sandbox-e2e-test

@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Feb 18, 2026
mtaufen
mtaufen reviewed Feb 18, 2026
View reviewed changes
@vicentefb vicentefb requested a review from mtaufen February 22, 2026 19:46
@vicentefb vicentefb mentioned this pull request Feb 23, 2026
Closed
mtaufen
mtaufen reviewed Feb 23, 2026
View reviewed changes
@mtaufen
Copy link

mtaufen commented Feb 23, 2026

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 23, 2026
@vicentefb
Copy link
Member Author

vicentefb commented Feb 23, 2026

/assign @janetkuo

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Feb 23, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: aditya-shantanu, mtaufen, vicentefb
Once this PR has been reviewed and has the lgtm label, please ask for approval from janetkuo. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

janetkuo
janetkuo reviewed Feb 24, 2026
View reviewed changes
Copy link
Member

@janetkuo janetkuo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few comments; lgtm otherwise

@vicentefb
feat: added VAP example to enforce security defaults for podTemplate …
8a4709b 
…spec

added containers and init containers

nit

nit

update to included ephemeral containers

updated

update

updated

update

update

update

nit
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 25, 2026
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Feb 25, 2026

New changes are detected. LGTM label has been removed.

@vicentefb vicentefb requested a review from janetkuo February 25, 2026 19:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@barney-s barney-s Awaiting requested review from barney-s

@justinsb justinsb Awaiting requested review from justinsb

@acsoto acsoto Awaiting requested review from acsoto

@janetkuo janetkuo Awaiting requested review from janetkuo

3 more reviewers

@tomergee tomergee tomergee left review comments

@mtaufen mtaufen mtaufen approved these changes

@aditya-shantanu aditya-shantanu aditya-shantanu approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@mtaufen mtaufen

@janetkuo janetkuo

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: Default runtimeClassName to gvisor

7 participants

@vicentefb @mtaufen @k8s-ci-robot @janetkuo @aditya-shantanu @acsoto @tomergee