mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-05 07:26:55 +00:00
* Add includeRestrictedPolicies function * Add Test Case Signed-off-by: dschunack <dschunack@web.de>
31 lines
662 B
YAML
31 lines
662 B
YAML
podSecurityStandard: restricted
|
|
includeOtherPolicies:
|
|
- require-non-root-groups
|
|
includeRestrictedPolicies:
|
|
- require-run-as-non-root-user
|
|
validationFailureActionByPolicy:
|
|
require-non-root-groups: enforce
|
|
validationFailureActionOverrides:
|
|
all:
|
|
- action: audit
|
|
namespaces:
|
|
- ingress-nginx
|
|
disallow-host-path:
|
|
- action: audit
|
|
namespaces:
|
|
- fluent
|
|
policyExclude:
|
|
disallow-host-path:
|
|
any:
|
|
- resources:
|
|
kinds:
|
|
- Pod
|
|
namespaces:
|
|
- fluent
|
|
require-non-root-groups:
|
|
any:
|
|
- resources:
|
|
kinds:
|
|
- Pod
|
|
namespaces:
|
|
- fluent
|