35 lines
831 B
YAML
35 lines
831 B
YAML
apiVersion: kyverno.io/v2beta1
|
|
kind: PolicyException
|
|
metadata:
|
|
name: argocd-cnoe-operation
|
|
namespace: kyverno
|
|
spec:
|
|
exceptions:
|
|
- policyName: disallow-privilege-escalation
|
|
ruleNames:
|
|
- privilege-escalation
|
|
- autogen-privilege-escalation
|
|
- policyName: disallow-capabilities-strict
|
|
ruleNames:
|
|
- require-drop-all
|
|
- autogen-require-drop-all
|
|
- policyName: require-run-as-nonroot
|
|
ruleNames:
|
|
- run-as-non-root
|
|
- autogen-run-as-non-root
|
|
- policyName: restrict-seccomp-strict
|
|
ruleNames:
|
|
- check-seccomp-strict
|
|
- autogen-check-seccomp-strict
|
|
match:
|
|
any:
|
|
- resources:
|
|
kinds:
|
|
- Pod
|
|
- Deployment
|
|
- ReplicaSet
|
|
namespaces:
|
|
- argocd
|
|
names:
|
|
# TODO: this should be more targeted than blanket *
|
|
- argocd-*
|