kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00

History

Mariam Fahmy f01f0d6dc4 feat: support podSecurity exclusion in exceptions (#9343 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>		2024-01-26 18:43:07 +00:00
..
chainsaw-test.yaml	feat: support podSecurity exclusion in exceptions (#9343 )	2024-01-26 18:43:07 +00:00
exception.yaml	feat: support podSecurity exclusion in exceptions (#9343 )	2024-01-26 18:43:07 +00:00
ns.yaml	feat: support podSecurity exclusion in exceptions (#9343 )	2024-01-26 18:43:07 +00:00
pod-allowed-1.yaml	feat: support podSecurity exclusion in exceptions (#9343 )	2024-01-26 18:43:07 +00:00
pod-allowed-2.yaml	feat: support podSecurity exclusion in exceptions (#9343 )	2024-01-26 18:43:07 +00:00
pod-rejected.yaml	feat: support podSecurity exclusion in exceptions (#9343 )	2024-01-26 18:43:07 +00:00
policy-assert.yaml	feat: support podSecurity exclusion in exceptions (#9343 )	2024-01-26 18:43:07 +00:00
policy.yaml	feat: support podSecurity exclusion in exceptions (#9343 )	2024-01-26 18:43:07 +00:00
README.md	feat: support podSecurity exclusion in exceptions (#9343 )	2024-01-26 18:43:07 +00:00

README.md

Description

This test creates a policy that enforces the baseline profile and a policy exception that exempts any pod whose image is nginx and hostPort set to either 10 or 20. The policy exception is configured to apply only to the pods that in staging-ns-3 namespace.

Steps

- Create a cluster policy
- Assert the policy becomes ready
- Create a policy exception for the cluster policy created above.
- Try to create a pod named good-pod-1 in the default namespace whose hostPort is set to zero, expecting the creation to succeed.
- Try to create a pod named good-pod-2 in the staging-ns-3 namespace that uses the HostPort control whose values are 10 and 20, expecting the creation to succeed.
- Try to create a pod named bad-pod in the default namespace that uses both the HostProcess controls with value 20, expecting the creation to fail.