kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 17:37:12 +00:00

History

Mariam Fahmy 2140a0239b chore: rename validationFailureAction to failureAction under the rule (#10893 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>		2024-08-27 20:07:57 +00:00
..
chainsaw-test.yaml	chore: bump chainsaw (#10687 )	2024-07-31 15:50:20 +00:00
exception.yaml	chore: use v2 for exceptions in chainsaw tests (#10529 )	2024-06-24 11:54:57 +00:00
pod.yaml	fix: get ns labels in the cluster mode when using the CLI (#10348 )	2024-06-04 10:44:44 +00:00
policy.yaml	chore: rename validationFailureAction to failureAction under the rule (#10893 )	2024-08-27 20:07:57 +00:00
README.md	fix: get ns labels in the cluster mode when using the CLI (#10348 )	2024-06-04 10:44:44 +00:00

README.md

Description

This test makes sure that Kyverno CLI apply works as expected when an exception matches a pod with a namespace selector in case of cluster mode. (i.e. --cluster flag is set)

Steps

- Create a namespace ns-1
- Label the namespace ns-1 with kyverno.tess.io/mutateresource=false
- Create a pod test-pod in namespace ns-1
- Create a policy that requires pod to run as non-root user.
- Create an exception that matches any pod whose ns selector is kyverno.tess.io/mutateresource=false
- Use kyverno apply command to apply the policy and the exception in a cluster mode. It is expected to have a skip as a result.

Reference Issue(s)

https://github.com/kyverno/kyverno/issues/10260