kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00

History

Mariam Fahmy b7bf894fe9 chore: use v2 for exceptions in chainsaw tests (#10529 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>		2024-06-24 11:54:57 +00:00
..
chainsaw-test.yaml	fix: get ns labels in the cluster mode when using the CLI (#10348 )	2024-06-04 10:44:44 +00:00
exception.yaml	chore: use v2 for exceptions in chainsaw tests (#10529 )	2024-06-24 11:54:57 +00:00
pod.yaml	fix: get ns labels in the cluster mode when using the CLI (#10348 )	2024-06-04 10:44:44 +00:00
policy.yaml	fix: get ns labels in the cluster mode when using the CLI (#10348 )	2024-06-04 10:44:44 +00:00
README.md	fix: get ns labels in the cluster mode when using the CLI (#10348 )	2024-06-04 10:44:44 +00:00

README.md

Description

This test makes sure that Kyverno CLI apply works as expected when an exception matches a pod with a namespace selector in case of cluster mode. (i.e. --cluster flag is set)

Steps

- Create a namespace ns-1
- Label the namespace ns-1 with kyverno.tess.io/mutateresource=false
- Create a pod test-pod in namespace ns-1
- Create a policy that requires pod to run as non-root user.
- Create an exception that matches any pod whose ns selector is kyverno.tess.io/mutateresource=false
- Use kyverno apply command to apply the policy and the exception in a cluster mode. It is expected to have a skip as a result.

Reference Issue(s)

https://github.com/kyverno/kyverno/issues/10260