add pac

Signed-off-by: gwg313 <gwg313@pm.me>
gwg313 2026-06-28 17:56:19 -04:00
parent ef827b2c69
commit 145721146e
Signed by: gwg313
GPG key ID: 60FF63B4826B7400
35 changed files with 919 additions and 122 deletions


@ -0,0 +1,54 @@
apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
name: cicd-security-exceptions
namespace: cicd
annotations:
argocd.argoproj.io/sync-wave: "-1"
spec:
exceptions:
- policyName: require-drop-all-capabilities
ruleNames: ["*"]
match:
any:
- resources:
namespaces: [cicd]
kinds: [Pod]
---
apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
name: tekton-hostpath-exception
namespace: tekton-pipelines
annotations:
argocd.argoproj.io/sync-wave: "-1"
spec:
exceptions:
- policyName: disallow-hostpath-volumes
ruleNames:
- no-hostpath
- autogen-no-hostpath
match:
any:
- resources:
namespaces: [tekton-pipelines]
kinds: [Pod, Deployment]
---
apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
name: pac-hostpath-exception
namespace: pipelines-as-code
annotations:
argocd.argoproj.io/sync-wave: "-1"
spec:
exceptions:
- policyName: disallow-hostpath-volumes
ruleNames:
- no-hostpath
- autogen-no-hostpath
match:
any:
- resources:
namespaces: [pipelines-as-code]
kinds: [Pod, Deployment]
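Review bot: The first document exempts every Pod in the `cicd` namespace from all rules of `require-drop-all-capabilities` (`ruleNames: ["*"]`, matched by namespace and kind only), so any pod scheduled there, presumably including pipeline task pods, is no longer required to drop capabilities. The two hostPath exceptions are scoped the same way, to everything in `tekton-pipelines` and `pipelines-as-code`, which leaves hostPath mounts open to any Pod or Deployment created in those namespaces rather than to the one component that needs them. I would list the rule names explicitly in the first document, as the hostPath documents already do, and narrow each `resources` match with `names: ["<workload-name>*"]` or a `selector` on a label only the intended workloads carry. A comment above each document naming the workload and the reason for the exemption would also help a later reviewer decide when it can be removed.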