apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
  name: pod-security-exception
  namespace: policy-exception-ns-3
spec:
  exceptions:
  - policyName: psa-3
    ruleNames:
    - baseline
  match:
    any:
    - resources:
        namespaces:
        - staging-ns-3
  podSecurity:
    - controlName: "Host Ports"
      images:
      - nginx
      restrictedField: "spec.containers[*].ports[*].hostPort"
      values:
      - "10"
    - controlName: "Host Ports"
      images:
      - nginx
      restrictedField: "spec.initContainers[*].ports[*].hostPort"
      values:
      - "20"