Signed-off-by: gwg313 <gwg313@pm.me>
parent
ef827b2c69
commit
145721146e
35 changed files with 919 additions and 122 deletions
54
apps/tekton/policy-exception.yaml
Normal file
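--- /dev/null
+++ b/apps/tekton/policy-exception.yaml
@@ -0,0 +1,54 @@
+apiVersion: kyverno.io/v2
+kind: PolicyException
+metadata:
+name: cicd-security-exceptions
+namespace: cicd
+annotations:
+argocd.argoproj.io/sync-wave: "-1"
+spec:
+exceptions:
+- policyName: require-drop-all-capabilities
+ruleNames: ["*"]
+match:
+any:
+- resources:
+namespaces: [cicd]
+kinds: [Pod]
+---
+apiVersion: kyverno.io/v2
+kind: PolicyException
+metadata:
+name: tekton-hostpath-exception
+namespace: tekton-pipelines
+annotations:
+argocd.argoproj.io/sync-wave: "-1"
+spec:
+exceptions:
+- policyName: disallow-hostpath-volumes
+ruleNames:
+- no-hostpath
+- autogen-no-hostpath
+match:
+any:
+- resources:
+namespaces: [tekton-pipelines]
+kinds: [Pod, Deployment]
+---
+apiVersion: kyverno.io/v2
+kind: PolicyException
+metadata:
+name: pac-hostpath-exception
+namespace: pipelines-as-code
+annotations:
+argocd.argoproj.io/sync-wave: "-1"
+spec:
+exceptions:
+- policyName: disallow-hostpath-volumes
+ruleNames:
+- no-hostpath
+- autogen-no-hostpath
+match:
+any:
+- resources:
+namespaces: [pipelines-as-code]
+kinds: [Pod, Deployment]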
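Review bot: The `cicd-security-exceptions` entry exempts every Pod in the `cicd` namespace from all rules of `require-drop-all-capabilities` (`ruleNames: ["*"]`, with no `names` or `selector` under `resources`), so any pod that lands in that namespace, including ones running build steps, escapes the capability-drop check. The two hostPath exceptions (`tekton-hostpath-exception` and `pac-hostpath-exception`) have the same namespace-wide shape for every Pod and Deployment. I would scope each match to the workloads that actually need the exemption, for example by adding `names: ["<workload-name-pattern>"]` or a `selector.matchLabels` entry next to `namespaces`, and list the rule names explicitly instead of the wildcard. A short comment above each document naming the component that needs the exemption and the reason would help later audits. It is also worth confirming that Kyverno's exception-namespace setting, and RBAC on PolicyException objects in these three namespaces, are limited to the GitOps controller, since anyone who can create an exception there can exempt their own workloads.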