kyverno/test/conformance/chainsaw/exceptions/psa-run-as-non-root/exception.yaml

apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
  name: pod-security-exception
spec:
  exceptions:
  - policyName: psp-restricted-limited
    ruleNames:
    - restricted
  match:
    any:
    - resources:
        kinds:
        - Pod
  podSecurity:
  - controlName: Running as Non-root
    images:
    - '*/istio/proxyv2*'
    restrictedField: spec.initContainers[*].securityContext.runAsNonRoot
    values:
    - "false"
feat add chainsaw tests for pod security and exceptions (#10664) * feat add chainsaw tests for pod security and exceptions Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: enable ProcMountType in the kind config Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2024-07-16 15:14:47 +03:00			`apiVersion: kyverno.io/v2`
			`kind: PolicyException`
			`metadata:`
			`name: pod-security-exception`
			`spec:`
			`exceptions:`
			`- policyName: psp-restricted-limited`
			`ruleNames:`
			`- restricted`
			`match:`
			`any:`
			`- resources:`
			`kinds:`
			`- Pod`
			`podSecurity:`
			`- controlName: Running as Non-root`
			`images:`
			`- '/istio/proxyv2'`
			`restrictedField: spec.initContainers[*].securityContext.runAsNonRoot`
			`values:`
			`- "false"`