kyverno/charts/kyverno-policies/ci/test-values.yaml

podSecurityStandard: restricted
includeOtherPolicies:
- require-non-root-groups
includeRestrictedPolicies:
- require-run-as-non-root-user
validationFailureActionByPolicy:
  require-non-root-groups: enforce
validationFailureActionOverrides:
  all:
    - action: audit
      namespaces:
        - ingress-nginx
  disallow-host-path:
    - action: audit
      namespaces:
        - fluent
policyExclude:
  disallow-host-path:
    any:
      - resources:
          kinds:
            - Pod
          namespaces:
            - fluent
  require-non-root-groups:
    any:
      - resources:
          kinds:
            - Pod
          namespaces:
            - fluent
Update kyverno-policies chart with latest pod-security policies (#3126) * Update kyverno-policies chart with latest pod-security policies Fixes #3063 Fixes #2277 Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update README to have better example Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use chart testing during e2e to test against ci values Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix e2e tests for Helm chart Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix Kyverno chart testing to actually test values, and fix networkpolicy template Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update README for exclusion Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Allow adding 'other' policies via Helm Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update Chart.yaml for kyverno-policies Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Bump minimum Kubernetes version in charts Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update kyverno-policies chart readme Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use version that should catch all pre-releases Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use version that should catch all pre-releases (part 2) Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use same logic to get git tag by using Makefile target for updating Helm values Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com> 2022-02-04 01:47:36 -05:00			`podSecurityStandard: restricted`
			`includeOtherPolicies:`
			`- require-non-root-groups`
[Feature] Add ability to get additional policies from restricted (#4416) * Add includeRestrictedPolicies function * Add Test Case Signed-off-by: dschunack <dschunack@web.de> 2022-08-29 19:45:29 +02:00			`includeRestrictedPolicies:`
			`- require-run-as-non-root-user`
[Feature] Add posibility to set validationFailureAction by Policy (#4400) * Implement validationFailureActionByPolicy * Update README.md * Add artifacthub.io/changes entry * Add Test Case Signed-off-by: dschunack <dschunack@web.de> 2022-08-25 17:29:20 +02:00			`validationFailureActionByPolicy:`
			`require-non-root-groups: enforce`
Allow setting validationFailureActionOverrides for policies (#3201) Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> 2022-02-09 03:24:35 -05:00			`validationFailureActionOverrides:`
			`all:`
			`- action: audit`
			`namespaces:`
			`- ingress-nginx`
			`disallow-host-path:`
			`- action: audit`
			`namespaces:`
			`- fluent`
Update kyverno-policies chart with latest pod-security policies (#3126) * Update kyverno-policies chart with latest pod-security policies Fixes #3063 Fixes #2277 Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update README to have better example Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use chart testing during e2e to test against ci values Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix e2e tests for Helm chart Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix Kyverno chart testing to actually test values, and fix networkpolicy template Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update README for exclusion Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Allow adding 'other' policies via Helm Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update Chart.yaml for kyverno-policies Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Bump minimum Kubernetes version in charts Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update kyverno-policies chart readme Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use version that should catch all pre-releases Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use version that should catch all pre-releases (part 2) Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use same logic to get git tag by using Makefile target for updating Helm values Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com> 2022-02-04 01:47:36 -05:00			`policyExclude:`
			`disallow-host-path:`
			`any:`
			`- resources:`
			`kinds:`
			`- Pod`
			`namespaces:`
			`- fluent`
			`require-non-root-groups:`
			`any:`
			`- resources:`
			`kinds:`
			`- Pod`
			`namespaces:`
			`- fluent`