kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 09:26:54 +00:00

History

Charles-Edouard Brétéché 5a0ce6bb67 chore: bump chainsaw (#11161 ) * chore: bump chainsaw Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more template use Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * v0.2.10 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * go mod Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>		2024-09-17 09:28:33 +00:00
..
chainsaw-test.yaml	chore: bump chainsaw (#11161 )	2024-09-17 09:28:33 +00:00
exception.yaml	chore: use v2 for exceptions in chainsaw tests (#10529 )	2024-06-24 11:54:57 +00:00
pod.yaml	fix: get ns labels in the cluster mode when using the CLI (#10348 )	2024-06-04 10:44:44 +00:00
policy.yaml	chore: rename validationFailureAction to failureAction under the rule (#10893 )	2024-08-27 20:07:57 +00:00
README.md	fix: get ns labels in the cluster mode when using the CLI (#10348 )	2024-06-04 10:44:44 +00:00

README.md

Description

This test makes sure that Kyverno CLI apply works as expected when an exception matches a pod with a namespace selector in case of cluster mode. (i.e. --cluster flag is set)

Steps

- Create a namespace ns-1
- Label the namespace ns-1 with kyverno.tess.io/mutateresource=false
- Create a pod test-pod in namespace ns-1
- Create a policy that requires pod to run as non-root user.
- Create an exception that matches any pod whose ns selector is kyverno.tess.io/mutateresource=false
- Use kyverno apply command to apply the policy and the exception in a cluster mode. It is expected to have a skip as a result.

Reference Issue(s)

https://github.com/kyverno/kyverno/issues/10260