From 15d20a0db47253b83035d9d6d29628e7d7b710b3 Mon Sep 17 00:00:00 2001
From: "garcia.ryan" <garcia.ryan@solute.us>
Date: Tue, 7 Nov 2023 15:14:10 -0700
Subject: [PATCH] Testing Exception resource

---
 .../exception-require-non-root-group.yaml     | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 chart/templates/exception-require-non-root-group.yaml

diff --git a/chart/templates/exception-require-non-root-group.yaml b/chart/templates/exception-require-non-root-group.yaml
new file mode 100644
index 00000000..00ea8c09
--- /dev/null
+++ b/chart/templates/exception-require-non-root-group.yaml
@@ -0,0 +1,20 @@
+{{- $name := "require-non-root-group" }}
+{{- if and .Values.enabled (dig $name "enabled" false .Values.policies) }}
+apiVersion: kyverno.io/v1
+kind: PolicyException
+metadata:
+  name: {{ $name }}-exception
+namespace: {{ .Release.Namespace }}
+spec:
+  exceptions:
+  - policyName: {{ $name }}
+    ruleNames:
+    - run-as-group
+  match:
+    any:
+    - resources:
+        kinds:
+        - Pods/containers
+        names:
+        - istio-init
+{{- end }}
-- 
GitLab