mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 09:26:54 +00:00
Code Activity
kyverno/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/pod.yaml
Mariam Fahmy 716611b7ea
fix: return all the exceptions that match the incoming resource (#10722) 
* fix: return all the exceptions that match the incoming resource

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: modify log messages

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-25 17:36:19 +00:00

56 lines
1.2 KiB
YAML
Raw Blame History

---
apiVersion: v1
kind: Pod
metadata:
name: test-pod
spec:
containers:
- image: alpine:latest
imagePullPolicy: IfNotPresent
name: primary
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
initContainers:
- image: alpine:latest
imagePullPolicy: IfNotPresent
name: init1
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_ADMIN
- NET_RAW
drop:
- ALL
privileged: false
readOnlyRootFilesystem: false
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
seccompProfile:
type: RuntimeDefault
- image: busybox:latest
imagePullPolicy: IfNotPresent
name: init2
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- SYS_TIME
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 10002
runAsNonRoot: true
runAsUser: 10002
seccompProfile:
type: RuntimeDefault
View git blame Copy permalink