Make Pinniped compatible with Kube clusters which have enabled PSAs

Where possible, use securityContext settings which will work with the
most restrictive Pod Security Admission policy level (as of Kube 1.25).
Where privileged containers are needed, use the namespace-level
annotation to allow them.

Also adjust some integration tests to make similar changes to allow the
integration tests to pass on test clusters which use restricted PSAs.
Ryan Richard
2022-09-15 14:58:15 -07:00
parent 6b3a2e87c0
commit b564454bab
7 changed files with 66 additions and 6 deletions

@@ -1,4 +1,4 @@
#! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
#! Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0
---
@@ -6,3 +6,8 @@ apiVersion: v1
kind: Namespace
metadata:
name: tools
labels:
# When deploying onto a cluster which has PSAs enabled by default for namespaces,
# effectively disable them for this namespace. This namespace is only for integration
# testing helper tools, and should never be deployed in production installs.
pod-security.kubernetes.io/enforce: privileged
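
Review bot: The `pod-security.kubernetes.io/enforce: privileged` label at the end of this hunk disables enforcement for the whole `tools` namespace, and the only thing keeping that out of a production install is the comment above it. Consider also setting `pod-security.kubernetes.io/warn: restricted` and `pod-security.kubernetes.io/audit: restricted` on the namespace, so that pods which would fail the restricted level are still reported even though they are admitted, and consider stating in the comment which helper tool actually needs the privileged level so the exemption can be narrowed later. Separately, the commit message describes this as a namespace-level annotation while the hunk adds it under `labels:`; aligning the wording would avoid confusion for anyone searching for it.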