---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: check-host-path
spec:
  admission: true
  background: true
  rules:
  - match:
      any:
      - resources:
          kinds:
          - Pod
    name: check-host-path
    validate:
      message: Host path is not allowed
      pattern:
        spec:
          volumes:
          - hostPath:
              path: ""
            name: '*'
  validationFailureAction: Audit