mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00
Code Activity
kyverno/test/conformance/chainsaw/exceptions/psa-run-as-non-root/exception.yaml
Mariam Fahmy 35494bd8bb
feat add chainsaw tests for pod security and exceptions (#10664) 
* feat add chainsaw tests for pod security and exceptions

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: enable ProcMountType in the kind config

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-16 12:14:47 +00:00

21 lines
432 B
YAML
Raw Blame History

apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
name: pod-security-exception
spec:
exceptions:
- policyName: psp-restricted-limited
ruleNames:
- restricted
match:
any:
- resources:
kinds:
- Pod
podSecurity:
- controlName: Running as Non-root
images:
- '*/istio/proxyv2*'
restrictedField: spec.initContainers[*].securityContext.runAsNonRoot
values:
- "false"
View git blame Copy permalink