mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 09:26:54 +00:00
Code Activity
kyverno/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/exceptions.yaml
Mariam Fahmy 716611b7ea
fix: return all the exceptions that match the incoming resource (#10722) 
* fix: return all the exceptions that match the incoming resource

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: modify log messages

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-25 17:36:19 +00:00

44 lines
854 B
YAML
Raw Blame History

apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
name: init1-exception-baseline
spec:
exceptions:
- policyName: psp-baseline
ruleNames:
- baseline
match:
any:
- resources:
kinds:
- Pod
podSecurity:
- controlName: Capabilities
images:
- 'alpine:latest'
restrictedField: spec.initContainers[*].securityContext.capabilities.add
values:
- NET_ADMIN
- NET_RAW
---
apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
name: init2-exception-baseline
spec:
exceptions:
- policyName: psp-baseline
ruleNames:
- baseline
match:
any:
- resources:
kinds:
- Pod
podSecurity:
- controlName: Capabilities
images:
- 'busybox:latest'
restrictedField: spec.initContainers[*].securityContext.capabilities.add
values:
- SYS_TIME
View git blame Copy permalink