kyverno/test/conformance/chainsaw/exceptions/exclude-capabilities/pod-rejected-1.yaml

apiVersion: v1
kind: Pod
metadata:
  name: badpod01
  namespace: default
spec:
  containers:
  - name: container01
    image: nginx:1.1.9
    securityContext:
      allowPrivilegeEscalation: false
      runAsNonRoot: true
      seccompProfile:
        type: RuntimeDefault
      capabilities:
        add:
        - SYS_ADMIN
        drop:
        - ALL
feat: support podSecurity exclusion in exceptions (#9343) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2024-01-26 20:43:07 +02:00			`apiVersion: v1`
			`kind: Pod`
			`metadata:`
			`name: badpod01`
			`namespace: default`
			`spec:`
			`containers:`
			`- name: container01`
			`image: nginx:1.1.9`
			`securityContext:`
			`allowPrivilegeEscalation: false`
			`runAsNonRoot: true`
			`seccompProfile:`
			`type: RuntimeDefault`
			`capabilities:`
			`add:`
			`- SYS_ADMIN`
			`drop:`
			`- ALL`