kyverno/test/conformance/chainsaw/cli/apply/apply-on-cluster-scoped-resources/policy.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: restrict-binding-system-groups      
spec:
  validationFailureAction: Enforce
  background: true
  rules:
    - name: restrict-masters
      match:
        any:
        - resources:
            kinds:
              - RoleBinding
              - ClusterRoleBinding
      validate:
        message: "Binding to system:masters is not allowed."
        pattern:
          roleRef:
            name: "!system:masters"
fix: check the resource namespace (#10738) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2024-07-26 16:45:54 +03:00			`apiVersion: kyverno.io/v1`
			`kind: ClusterPolicy`
			`metadata:`
			`name: restrict-binding-system-groups`
			`spec:`
			`validationFailureAction: Enforce`
			`background: true`
			`rules:`
			`- name: restrict-masters`
			`match:`
			`any:`
			`- resources:`
			`kinds:`
			`- RoleBinding`
			`- ClusterRoleBinding`
			`validate:`
			`message: "Binding to system:masters is not allowed."`
			`pattern:`
			`roleRef:`
			`name: "!system:masters"`