Skip to content
Unicorn Delivery Service Unicorn Delivery Service

Exemptions CR (v1alpha1)

Exemptions

Section titled “Exemptions”
Field Type Description
specSpec

Spec

Section titled “Spec”
Field Type Description
exemptionsExemptions[]Policy exemptions

Exemptions

Section titled “Exemptions”
Field Type Description
descriptionstringReasons as to why this exemption is needed
matcherMatcherResource to exempt (Regex allowed for name)
policiesPolicies[] (enum):
  • DisallowHostNamespaces
  • DisallowNodePortServices
  • DisallowPrivileged
  • DisallowSELinuxOptions
  • DropAllCapabilities
  • RequireNonRootUser
  • RestrictCapabilities
  • RestrictExternalNames
  • RestrictHostPathWrite
  • RestrictHostPorts
  • RestrictIstioAmbientOverrides
  • RestrictIstioSidecarOverrides
  • RestrictIstioTrafficOverrides
  • RestrictIstioUser
  • RestrictProcMount
  • RestrictSeccomp
  • RestrictSELinuxType
  • RestrictVolumeTypes
A list of policies to override
titlestringtitle to give the exemption for reporting purposes

Matcher

Section titled “Matcher”
Field Type Description
kindstring (enum):
  • pod
  • service
namestring
namespacestring
Cookie Settings Privacy Policy