kyverno/test/conformance/chainsaw/exceptions/multiple-exceptions/pod.yaml

---
apiVersion: v1
kind: Pod
metadata:
  name: test-pod
spec:
  containers:
  - image: alpine:latest
    imagePullPolicy: IfNotPresent
    name: primary
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL
      runAsGroup: 1000
      runAsNonRoot: true
      runAsUser: 1000
      seccompProfile:
        type: RuntimeDefault
  initContainers:
  - image: alpine:latest
    imagePullPolicy: IfNotPresent
    name: init1
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        add:
        - NET_ADMIN
        - NET_RAW
        drop:
        - ALL
      privileged: false
      readOnlyRootFilesystem: false
      runAsGroup: 10001
      runAsNonRoot: true
      runAsUser: 10001
      seccompProfile:
        type: RuntimeDefault
  - image: busybox:latest
    imagePullPolicy: IfNotPresent
    name: init2
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        add:
        - SYS_TIME
        drop:
        - ALL
      privileged: false
      readOnlyRootFilesystem: true
      runAsGroup: 10002
      runAsNonRoot: true
      runAsUser: 10002
      seccompProfile:
        type: RuntimeDefault
fix: return all the exceptions that match the incoming resource (#10722) * fix: return all the exceptions that match the incoming resource Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: modify log messages Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2024-07-25 20:36:19 +03:00			`---`
			`apiVersion: v1`
			`kind: Pod`
			`metadata:`
			`name: test-pod`
			`spec:`
			`containers:`
			`- image: alpine:latest`
			`imagePullPolicy: IfNotPresent`
			`name: primary`
			`securityContext:`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop:`
			`- ALL`
			`runAsGroup: 1000`
			`runAsNonRoot: true`
			`runAsUser: 1000`
			`seccompProfile:`
			`type: RuntimeDefault`
			`initContainers:`
			`- image: alpine:latest`
			`imagePullPolicy: IfNotPresent`
			`name: init1`
			`securityContext:`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`add:`
			`- NET_ADMIN`
			`- NET_RAW`
			`drop:`
			`- ALL`
			`privileged: false`
			`readOnlyRootFilesystem: false`
			`runAsGroup: 10001`
			`runAsNonRoot: true`
			`runAsUser: 10001`
			`seccompProfile:`
			`type: RuntimeDefault`
			`- image: busybox:latest`
			`imagePullPolicy: IfNotPresent`
			`name: init2`
			`securityContext:`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`add:`
			`- SYS_TIME`
			`drop:`
			`- ALL`
			`privileged: false`
			`readOnlyRootFilesystem: true`
			`runAsGroup: 10002`
			`runAsNonRoot: true`
			`runAsUser: 10002`
			`seccompProfile:`
			`type: RuntimeDefault`