mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-05 23:46:56 +00:00
2273529a35
Fixes #7456 Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Co-authored-by: shuting <shuting@nirmata.com>
29 lines
798 B
YAML
29 lines
798 B
YAML
podSecurityStandard: restricted
|
|
includeOtherPolicies:
|
|
- require-non-root-groups
|
|
policyPreconditions:
|
|
require-run-as-non-root-user:
|
|
all:
|
|
- key: "{{ request.object.metadata.name }}"
|
|
operator: NotEquals
|
|
value: "dcgm-exporter*"
|
|
require-drop-all:
|
|
any:
|
|
- key: "{{ request.object.metadata.name }}"
|
|
operator: NotEquals
|
|
value: "dcgm-exporter*"
|
|
disallow-capabilities:
|
|
all:
|
|
- key: "{{ request.object.metadata.name }}"
|
|
operator: NotEquals
|
|
value: "dcgm-exporter*"
|
|
adding-capabilities-strict:
|
|
all:
|
|
- key: "{{ request.object.metadata.name }}"
|
|
operator: NotEquals
|
|
value: "dcgm-exporter*"
|
|
restrict-volume-types:
|
|
all:
|
|
- key: "{{ request.object.metadata.name }}"
|
|
operator: NotEquals
|
|
value: "dcgm-exporter*"
|