homelab-gitops/apps/tekton/policy-exception.yaml
gwg313 145721146e
add pac
Signed-off-by: gwg313 <gwg313@pm.me>
2026-06-28 23:33:25 -04:00


# Kyverno PolicyException: Pods in the cicd namespace are exempt from every
# rule of the require-drop-all-capabilities policy.
# NOTE(review): the match is namespace-wide, so every Pod created in cicd is
# covered. Which workloads need the exemption is not visible here; if only
# some do, narrow the match with resources.names or resources.selector.
# NOTE(review): this object lives in cicd, not a dedicated exceptions
# namespace. Kyverno honours it only if its exception-namespace setting
# (--exceptionNamespace) permits cicd; confirm that setting is no wider than
# intended and that RBAC limits who may create PolicyException objects.
apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
  name: cicd-security-exceptions
  namespace: cicd
  annotations:
    # Negative wave: Argo CD syncs this ahead of the default wave 0.
    argocd.argoproj.io/sync-wave: "-1"
spec:
  exceptions:
    - policyName: require-drop-all-capabilities
      # Wildcard: all rules of the policy, not a named subset.
      ruleNames:
        - "*"
  match:
    any:
      - resources:
          namespaces:
            - cicd
          kinds:
            - Pod
---
# Kyverno PolicyException: Pods and Deployments in tekton-pipelines are exempt
# from the no-hostpath rule of disallow-hostpath-volumes and from its
# autogen-no-hostpath counterpart (the name Kyverno gives the rule it
# generates for pod controllers such as Deployment).
# NOTE(review): a hostPath volume exposes part of the node filesystem to the
# container. The match covers every Pod and Deployment in the namespace; the
# workload that needs hostPath is not visible here. Consider narrowing with
# resources.names or resources.selector so other workloads stay covered.
apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
  name: tekton-hostpath-exception
  namespace: tekton-pipelines
  annotations:
    # Negative wave: Argo CD syncs this ahead of the default wave 0.
    argocd.argoproj.io/sync-wave: "-1"
spec:
  exceptions:
    - policyName: disallow-hostpath-volumes
      ruleNames:
        - no-hostpath
        - autogen-no-hostpath
  match:
    any:
      - resources:
          namespaces:
            - tekton-pipelines
          kinds:
            - Pod
            - Deployment
---
# Kyverno PolicyException: Pods and Deployments in pipelines-as-code are
# exempt from the no-hostpath rule of disallow-hostpath-volumes and from its
# autogen-no-hostpath counterpart (the name Kyverno gives the rule it
# generates for pod controllers such as Deployment).
# NOTE(review): a hostPath volume exposes part of the node filesystem to the
# container. Confirm which workload in this namespace actually mounts one;
# nothing here shows it. If it is a single Deployment, narrow the match with
# resources.names or resources.selector rather than exempting the namespace.
apiVersion: kyverno.io/v2
kind: PolicyException
metadata:
  name: pac-hostpath-exception
  namespace: pipelines-as-code
  annotations:
    # Negative wave: Argo CD syncs this ahead of the default wave 0.
    argocd.argoproj.io/sync-wave: "-1"
spec:
  exceptions:
    - policyName: disallow-hostpath-volumes
      ruleNames:
        - no-hostpath
        - autogen-no-hostpath
  match:
    any:
      - resources:
          namespaces:
            - pipelines-as-code
          kinds:
            - Pod
            - Deployment