mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-10 18:06:55 +00:00
Code Activity
kyverno/test/conformance/chainsaw/exceptions/psa-run-as-non-root/policy.yaml
Mariam Fahmy c796bb765c
fix: return policies with either audit or enforce rules from the cache (#10667) 
* fix: return policies with either audit or enforce rules from the cache

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* feat: introduce validationFailureAction under verifyImage rules

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* feat: add chainsaw tests

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-08-06 18:24:28 +00:00

31 lines
667 B
YAML
Raw Blame History

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: psp-restricted-limited
annotations:
pod-policies.kyverno.io/autogen-controllers: none
spec:
background: true
rules:
- name: restricted
match:
any:
- resources:
kinds:
- Pod
namespaces:
- default
validate:
validationFailureAction: Enforce
podSecurity:
level: restricted
version: v1.29
exclude:
- controlName: Volume Types
- controlName: Seccomp
- controlName: Seccomp
images:
- '*'
- controlName: Capabilities
images:
- "*"
View git blame Copy permalink