Signed-off-by: gwg313 <gwg313@pm.me>
# Kyverno PolicyException: Pods in the `cicd` namespace are exempt from every
# rule of the `require-drop-all-capabilities` policy.
# NOTE(review): the match is namespace-wide and the rule list is a wildcard, so
# any Pod created in `cicd` bypasses that policy. If only specific workloads
# need extra capabilities, consider narrowing the match (for example by
# resource name or label selector) -- confirm against what actually runs here.
apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
  name: cicd-security-exceptions
  namespace: cicd
  annotations:
    # Argo CD sync wave -1 is applied before the default wave (0); presumably
    # so the exception exists before the workloads it covers are admitted.
    argocd.argoproj.io/sync-wave: "-1"
spec:
  exceptions:
    - policyName: require-drop-all-capabilities
      # "*" is a wildcard over rule names, not a single named rule.
      ruleNames:
        - "*"
  match:
    any:
      - resources:
          namespaces:
            - cicd
          # Only Pod is listed; controller kinds (e.g. Deployment) are not
          # matched by this exception.
          kinds:
            - Pod
---
# Kyverno PolicyException: Pods and Deployments in the `tekton-pipelines`
# namespace are exempt from the two listed rules of the
# `disallow-hostpath-volumes` policy.
# NOTE(review): hostPath volumes expose the node's filesystem to the container,
# and this match covers every Pod and Deployment in the namespace. Which
# workloads actually need hostPath is not visible here; consider narrowing the
# match (for example by resource name or label selector) once that is known.
apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
  name: tekton-hostpath-exception
  namespace: tekton-pipelines
  annotations:
    # Argo CD sync wave -1 is applied before the default wave (0); presumably
    # so the exception exists before the workloads it covers are admitted.
    argocd.argoproj.io/sync-wave: "-1"
spec:
  exceptions:
    - policyName: disallow-hostpath-volumes
      # Rules are named explicitly: the base rule and its autogen variant.
      ruleNames:
        - no-hostpath
        - autogen-no-hostpath
  match:
    any:
      - resources:
          namespaces:
            - tekton-pipelines
          kinds:
            - Pod
            - Deployment
---
# Kyverno PolicyException: Pods and Deployments in the `pipelines-as-code`
# namespace are exempt from the two listed rules of the
# `disallow-hostpath-volumes` policy.
# NOTE(review): hostPath volumes expose the node's filesystem to the container,
# and this match covers every Pod and Deployment in the namespace. Which
# workloads actually need hostPath is not visible here; consider narrowing the
# match (for example by resource name or label selector) once that is known.
apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
  name: pac-hostpath-exception
  namespace: pipelines-as-code
  annotations:
    # Argo CD sync wave -1 is applied before the default wave (0); presumably
    # so the exception exists before the workloads it covers are admitted.
    argocd.argoproj.io/sync-wave: "-1"
spec:
  exceptions:
    - policyName: disallow-hostpath-volumes
      # Rules are named explicitly: the base rule and its autogen variant.
      ruleNames:
        - no-hostpath
        - autogen-no-hostpath
  match:
    any:
      - resources:
          namespaces:
            - pipelines-as-code
          kinds:
            - Pod
            - Deployment