UNCLASSIFIED - NO CUI

Update custompolicyexceptions

General MR

Summary

Update how PolicyExceptions are passed. This corresponds with the MR submitted upstream: https://github.com/kyverno/kyverno/pull/15442

The apiVersion won't be updated until we cut over to the new policies, where the new version will use CEL policyexceptions.

Relevant logs/screenshots

PolicyException generated by passing values to template.

Linked Issue

#212

Upgrade Notices

Simplified the way to pass exceptions via values.yaml. Default namespace "kyverno" is added and kind no longer needs to be passed. An example is in the comments of values.yaml:

additionalPolicyExceptions:
  # -- Name of the policy. Additional policyexceptions can be added by adding a key.
  samplepolicyexception:
    # -- Which namespace to target. The namespace must already exist.
    namespace: ""
    # -- Policy annotations to add
    annotations:
      # -- Human readable name of policyException
      policies.kyverno.io/title: Sample PolicyException
      # -- Category of policy. Arbitrary.
      policies.kyverno.io/category: Examples
      # -- Type of resource PolicyException applies to (e.g. Pod, Service, Namespace)
      policies.kyverno.io/subject: Pod
      # -- Description of why the PolicyException is necessary and what items are allowed or unallowed.
      policies.kyverno.io/description: >-
        This sample PolicyException allows pods from deploying busybox for debugging.
    spec:
      exceptions:
Edited by Jasdeep Basra
