kyverno/test/conformance/chainsaw/exceptions/exclude-ephemeral-containers at 5476462a939e9004b4b45f65df659f9b18925fe5 - mirrors/kyverno - Code den of a Norwegian 🐻

mirrors/kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

History

Charles-Edouard Brétéché df267dd829 chore: use more chainsaw step templates (#11311 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>		2024-10-03 11:56:30 +00:00
..
chainsaw-test.yaml	chore: use more chainsaw step templates (#11311 )	2024-10-03 11:56:30 +00:00
exception.yaml	fix: allow exceptions to match Pod/ephemeralcontainers by default (#10778 )	2024-08-02 12:47:09 +00:00
excluded-pod.yaml	fix: allow exceptions to match Pod/ephemeralcontainers by default (#10778 )	2024-08-02 12:47:09 +00:00
policy.yaml	fix: allow exceptions to match Pod/ephemeralcontainers by default (#10778 )	2024-08-02 12:47:09 +00:00
README.md	fix: allow exceptions to match Pod/ephemeralcontainers by default (#10778 )	2024-08-02 12:47:09 +00:00

README.md

Description

This test makes sure that policy exception matches Pod/epehemeralcontainers resource by default in case it matches Pods.

Expected Behavior

Create a policy that matches Pods and restrict setting runAsNonRoot to true.
Create an exception that excludes Pods from the policy.
Create a Pod that violates the policy. It is expected that the Pod will be created successfully as it matches the exception.
Run kubectl debug command to attach to the Pod. It is expected that the command will run successfully since exceptions match Pod/ephemeralcontainers resource by default.

Reference Issue(s)

#9484