From 23fd317eee3fbc0fe6584d78761014fe259d7efc Mon Sep 17 00:00:00 2001
From: Jim Bugwadia <jim@nirmata.com>
Date: Tue, 18 Aug 2020 21:41:15 -0700
Subject: [PATCH] turn off auto-gen policies for add new capabilities

---
 samples/best_practices/disallow_new_capabilities.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/samples/best_practices/disallow_new_capabilities.yaml b/samples/best_practices/disallow_new_capabilities.yaml
index a57565d980..191d0bcf5b 100644
--- a/samples/best_practices/disallow_new_capabilities.yaml
+++ b/samples/best_practices/disallow_new_capabilities.yaml
@@ -3,6 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: disallow-new-capabilities
   annotations:
+    pod-policies.kyverno.io/autogen-controllers: none
     policies.kyverno.io/category: Security
     policies.kyverno.io/description: Linux allows defining fine-grained permissions using
       capabilities. With Kubernetes, it is possible to add capabilities that escalate the