policyDefinitions/Kubernetes/container-allowed-capabilities/constraint.yaml (13 lines of code) (raw):

apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sAzureAllowedCapabilities
metadata:
  name: container-allowed-capabilities
spec:
  match:
    excludedNamespaces: {{ .Values.excludedNamespaces }}
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
  parameters:
    allowedCapabilities: {{ .Values.allowedCapabilities }}
    requiredDropCapabilities: {{ .Values.requiredDropCapabilities }}