policyDefinitions/Kubernetes/container-allowed-capabilities/examples-violations/violation.yaml (21 lines of code) (raw):

---
# Negative test fixture: a Pod that is expected to be rejected. Judging by the
# file path (container-allowed-capabilities/examples-violations), the policy
# under test restricts which Linux capabilities a container may add.
# NOTE(review): the allowed list lives in the policy/constraint parameters,
# which are not part of this file - confirm this value is absent from it.
apiVersion: v1
kind: Pod
metadata:
  name: opa-capability-bad
  labels:
    owner: me.agilebank.demo
spec:
  containers:
    - name: opa
      # Pinned by tag only. Acceptable for a fixture; real workloads should
      # pin by digest so the image content cannot change under the tag.
      image: openpolicyagent/opa:0.9.2
      args:
        - "run"
        - "--server"
        # Listener is bound to loopback inside the pod.
        - "--addr=localhost:8080"
      securityContext:
        capabilities:
          # The violating field. "disallowedcapability" is a placeholder
          # string, not a real capability name; it only has to be missing
          # from the policy's allowed list to trigger the denial.
          # No `drop` list is set, so the container keeps the runtime's
          # default capability set in addition to anything added here.
          add:
            - "disallowedcapability"
      # Limits are set, presumably so that this fixture fails only on the
      # capability check and not on a separate resource-limit policy.
      resources:
        limits:
          cpu: "100m"
          memory: "30Mi"