mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-09 17:37:12 +00:00
5a0ce6bb67
* chore: bump chainsaw Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more template use Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * v0.2.10 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * go mod Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> |
||
|---|---|---|
| .. | ||
| chainsaw-test.yaml | ||
| exceptions.yaml | ||
| pod.yaml | ||
| policy-assert.yaml | ||
| policy.yaml | ||
| README.md | ||
Description
This test creates two policy exceptions that match the same policy. It is expected that the pod that satisfies both exceptions will be created successfully.
Expected Behavior
-
Create a policy that applies the baseline profile.
-
Create two exceptions as follows:
- The first exception
exception-baselinethat exempts the whole pod from the baseline profile. - The second exception
init-exception-baselineallows the values ofSYS_TIMEcapabilities in the init containers.
- The first exception
-
Create a pod with two init containers. The first init container should have the
NET_ADMINandNET_RAWcapabilities, and the second init container should have theSYS_TIMEcapability. It is expected that the pod will be created successfully as it matches both exceptions.
Reference Issue(s)
#10580