8000 [Bug] The migration for keep using PolicyException isn't working · Issue #11721 · kyverno/kyverno · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

[Bug] The migration for keep using PolicyException isn't working #11721

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
2 tasks done
NoamGaloz1 opened this issue Dec 5, 2024 · 1 comment
Closed
2 tasks done

[Bug] The migration for keep using PolicyException isn't working #11721

NoamGaloz1 opened this issue Dec 5, 2024 · 1 comment
Labels
bug Something isn't working exceptions Policy exceptions functionality in 1.9+. triage Default label assigned to all new issues indicating label curation is needed to fully organize.

Comments

@NoamGaloz1
Copy link

Kyverno Version

1.13.0

Description

I have configured flags as your docs say so -
--set features.policyExceptions.enabled=true --set features.policyExceptions.namespace="*"

And deployed the following-

apiVersion: kyverno.io/v2beta1
kind: PolicyException
metadata:
  name: kokokoko
  namespace: noam-test
spec:
  exceptions:
  - policyName: require-labels
    ruleNames:
    - require-team-label
  match:
    any:
    - resources:
        kinds:
        - ConfigMap
        namespaces:
        - noam-test
        names:
        - test-configmap
---
# Test Policy in namespace-1
apiVersion: kyverno.io/v1
kind: Policy
metadata:
  name: require-labels
  namespace: noam-test
spec:
  validationFailureAction: enforce
  background: false
  rules:
  - name: require-team-label
    match:
      resources:
        kinds:
        - ConfigMap
    validate:
      message: "Team label is required"
      pattern:
        metadata:
          labels:
            team: "?*"
---
# Test ConfigMap that violates the policy
apiVersion: v1
kind: ConfigMap
metadata:
  name: test-configmap
  namespace: noam-test
  labels: {} 
data:
  key: "value"

The ConfigMap creation is getting blocked, and no related logs appear on admission pod.

Slack discussion

No response

Troubleshooting

  • I have read and followed the documentation AND the troubleshooting guide.
  • I have searched other issues in this repository and mine is not recorded.
@NoamGaloz1 NoamGaloz1 added bug Something isn't working triage Default label assigned to all new issues indicating label curation is needed to fully organize. labels Dec 5, 2024
@NoamGaloz1 NoamGaloz1 changed the title [Bug] The Migration for keep using PolicyException isn't working [Bug] The migration for keep using PolicyException isn't working Dec 5, 2024
@dosubot dosubot bot added the exceptions Policy exceptions functionality in 1.9+. label Dec 5, 2024
@dosubot DosuBot
Copy link
dosubot bot commented Mar 6, 2025

Hi, @NoamGaloz1. I'm Dosu, and I'm helping the kyverno team manage their backlog. I'm marking this issue as stale.

Issue Summary:

  • Reported bug in Kyverno version 1.13.0 related to the PolicyException feature.
  • Despite correct configuration, the system blocks ConfigMap creation violating the policy.
  • No logs are generated in the admission pod to indicate the issue.
  • User followed documentation and troubleshooting guide without resolution.

Next Steps:

  • Please confirm if this issue is still relevant to the latest version of the kyverno repository by commenting here.
  • If there is no further activity, the issue will be automatically closed in 60 days.

Thank you for your understanding and contribution!

@dosubot dosubot bot added the stale Stale issue, may be closed in the near future if nothing happens label Mar 6, 2025
@dosubot dosubot bot closed this as not planned Won't fix, can't repro, duplicate, stale May 5, 2025
@dosubot dosubot bot removed the stale Stale issue, may be closed in the near future if nothing happens label May 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working exceptions Policy exceptions functionality in 1.9+. triage Default label assigned to all new issues indicating label curation is needed to fully organize.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@NoamGaloz1
0