Skip to content

Exemptions CR (v1alpha1)

Exemptions

Field Type Description
specSpec

Spec

Field Type Description
exemptionsExemptions[]Policy exemptions

Exemptions

Field Type Description
descriptionstringReasons as to why this exemption is needed
matcherMatcherResource to exempt (Regex allowed for name)
policiesPolicies[] (enum):
  • DisallowHostNamespaces
  • DisallowNodePortServices
  • DisallowPrivileged
  • DisallowSELinuxOptions
  • DropAllCapabilities
  • RequireNonRootUser
  • RestrictCapabilities
  • RestrictExternalNames
  • RestrictHostPathWrite
  • RestrictHostPorts
  • RestrictProcMount
  • RestrictSeccomp
  • RestrictSELinuxType
  • RestrictVolumeTypes
A list of policies to override
titlestringtitle to give the exemption for reporting purposes

Matcher

Field Type Description
kindstring (enum):
  • pod
  • service
namestring
namespacestring