change kyverno policy require-non-root-user back to audit

defenseunicorns · Jan 11, 2024 · 340f896 · 340f896
1 parent 0dcd6d3
commit 340f896
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/test/dubbd-values.yaml b/test/dubbd-values.yaml
@@ -10,13 +10,16 @@ istio:
     tenant:
       tls:
         minProtocolVersion: TLSV1_2
-# See https://github.com/defenseunicorns/uds-sso/issues/38
 kyvernoPolicies:
   values:
     policies:
       require-non-root-user:
+        # This was changed to Enforce by default in BB v2.16.0. We still have it in audit mode to make testing stuff easier.
+        # We recommend changing to "Enforce" in production
+        validationFailureAction: audit
         exclude:
           any:
             - resources:
                 namespaces:
+                  # See https://github.com/defenseunicorns/uds-sso/issues/38
                   - pepr-system