mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00
Code Activity
kyverno/test/conformance/chainsaw/exceptions/exclude-host-process-and-host-namespaces/README.md
Mariam Fahmy f01f0d6dc4
feat: support podSecurity exclusion in exceptions (#9343) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-26 18:43:07 +00:00

1.1 KiB
Raw Blame History

Description

This test creates a policy that enforces the baseline profile and exempts any pod that violates the Host Namespaces control and a policy exception that exempts any pod that violates the HostProcess control. The policy exception is configured to apply only to the pods that in staging-ns-1 namespace.

Steps

    • Create a cluster policy
    • Assert the policy becomes ready
    • Create a policy exception for the cluster policy created above.
    • Try to create a pod named goodpod-01 in the staging-ns-1 namespace that uses both the Host Namespace and the HostProcess controls, expecting the creation to succeed.
    • Try to create a pod named goodpod-02 in the staging-ns-1 namespace that uses the HostProcess control, expecting the creation to succeed.
    • Try to create a pod named goodpod-03 in the default namespace that uses the Host Namespace control, expecting the creation to succeed.
    • Try to create a pod named badpod-01 in the default namespace that uses both the Host Namespace and the HostProcess controls, expecting the creation to fail.