---
# Kyverno PolicyExceptions for the CI/CD tooling namespaces. Each document
# exempts matching resources from named rules of one policy. The Argo CD
# sync-wave "-1" orders them ahead of wave-0 resources.
#
# Exception 1: Pods in `cicd` are exempt from every rule of
# require-drop-all-capabilities.
# NOTE(review): ruleNames "*" combined with a namespace-wide match is the
# broadest form of exception; no Pod in `cicd` has to drop capabilities.
# Prefer listing the specific rule names and narrowing `resources` with
# `names` or `selector` to the workloads that need it.
# NOTE(review): only Pod is matched; if pod controllers in `cicd` are checked
# by autogen rules of this policy, they are not covered here - confirm.
apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
  name: cicd-security-exceptions
  namespace: cicd
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
spec:
  exceptions:
    - policyName: require-drop-all-capabilities
      ruleNames:
        - "*"
  match:
    any:
      - resources:
          namespaces:
            - cicd
          kinds:
            - Pod
---
# Exception 2: Pods and Deployments in `tekton-pipelines` are exempt from the
# no-hostpath rule and its autogen variant in disallow-hostpath-volumes.
# NOTE(review): a hostPath volume exposes the node filesystem to the pod, and
# this match covers every Pod and Deployment in the namespace. Narrow it with
# `names` or `selector` if only specific workloads need hostPath, and keep
# RBAC for creating PolicyException objects in this namespace restricted.
apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
  name: tekton-hostpath-exception
  namespace: tekton-pipelines
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
spec:
  exceptions:
    - policyName: disallow-hostpath-volumes
      ruleNames:
        - no-hostpath
        - autogen-no-hostpath
  match:
    any:
      - resources:
          namespaces:
            - tekton-pipelines
          kinds:
            - Pod
            - Deployment
---
# Exception 3: Pods and Deployments in `pipelines-as-code` are exempt from the
# no-hostpath rule and its autogen variant in disallow-hostpath-volumes.
# NOTE(review): the match is namespace-wide, so any Pod or Deployment created
# in `pipelines-as-code` may mount hostPath volumes. Narrow it with `names` or
# `selector` where possible, and restrict who can create workloads and
# PolicyException objects in this namespace.
apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
  name: pac-hostpath-exception
  namespace: pipelines-as-code
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
spec:
  exceptions:
    - policyName: disallow-hostpath-volumes
      ruleNames:
        - no-hostpath
        - autogen-no-hostpath
  match:
    any:
      - resources:
          namespaces:
            - pipelines-as-code
          kinds:
            - Pod
            - Deployment