Kyverno excludeContainers policy syntax issue
Bug
Description
The restrict-capabilities.yaml file has a "kyverno-policies.excludeContainers" policy at the end of it. The capabilities list is “NET_BIND_SERVICE || NET_ADMIN || NET_RAW” or similar, but doing it like this meant the “add” field was a string, but we provided an array and it broke. Changing the policy to an array of !… strings fixes that problem.
Here is the suggested change to the policy to produce an array of strings instead:
=(add): {{ toJson (dig $name "parameters" "allow" nil .Values.policies) }}
BigBang Version
Latest