kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-10 18:06:55 +00:00

History

Mariam Fahmy 2140a0239b chore: rename validationFailureAction to failureAction under the rule (#10893 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>		2024-08-27 20:07:57 +00:00
..
chainsaw-test.yaml
exception.yaml	chore: use v2 for exceptions in chainsaw tests (#10529 )	2024-06-24 11:54:57 +00:00
ns.yaml
pod-allowed-1.yaml
pod-allowed-2.yaml
pod-rejected.yaml
policy-assert.yaml
policy.yaml	chore: rename validationFailureAction to failureAction under the rule (#10893 )	2024-08-27 20:07:57 +00:00
README.md

README.md

Description

This test creates a policy that enforces the baseline profile and a policy exception that exempts any pod whose image is nginx and hostPort set to either 10 or 20. The policy exception is configured to apply only to the pods that in staging-ns-3 namespace.

Steps

- Create a cluster policy
- Assert the policy becomes ready
- Create a policy exception for the cluster policy created above.
- Try to create a pod named good-pod-1 in the default namespace whose hostPort is set to zero, expecting the creation to succeed.
- Try to create a pod named good-pod-2 in the staging-ns-3 namespace that uses the HostPort control whose values are 10 and 20, expecting the creation to succeed.
- Try to create a pod named bad-pod in the default namespace that uses both the HostProcess controls with value 20, expecting the creation to fail.