mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-09 17:37:12 +00:00
5a0ce6bb67
* chore: bump chainsaw Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more template use Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * v0.2.10 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * go mod Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> |
||
|---|---|---|
| .. | ||
| chainsaw-test.yaml | ||
| exception.yaml | ||
| ns.yaml | ||
| pod-allowed.yaml | ||
| pod-rejected-1.yaml | ||
| pod-rejected-2.yaml | ||
| policy-assert.yaml | ||
| policy.yaml | ||
| README.md | ||
Description
This test creates a policy that enforces the restricted profile and a policy exception that exempts containers running either the nginx or redis image from the Capabilities control.
The policy exception is configured to apply only to the pods that in staging-ns namespace.
Steps
-
- Create a cluster policy
- Assert the policy becomes ready
-
- Create a policy exception for the cluster policy created above.
-
- Try to create a pod named
goodpod01whose image isnginxin thestaging-nsnamespace that violates the policy, expecting the creation to succeed - Try to create a pod named
badpod01whose image isnginxin thedefaultnamespace that violates the policy, expecting the creation to fail - Try to create a pod named
badpod02whose image isbusyboxin thestaging-nsnamespace that violates the policy,, expecting the creation to fail
- Try to create a pod named