Enforce Pod Security Standard restricted #2021
base: main
For ease of review: TLDR: add PodSecurity: restricted as ClusterConfiguration to cluster.yml in github actions. This PR creates file /tmp/pss/cluster-level-pss.yaml with contents:
Then, during "Mirror setup", "sysctls specs kind config override" and "Mirror override" steps - it modifies the creation of cluster.yml: file cluster-level-pss.yaml is mounted as extra mount and used as ClusterConfiguration.
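For reference, an added example (not the PR's actual file contents, which this page does not show): a cluster-level Pod Security admission configuration and the matching kind cluster config, in the shape used by the Kubernetes tutorial linked in the description, with `enforce` set to `restricted`. The exemption list, the volume name `accf` and the `/etc/config` container path follow that tutorial and are assumptions here.

```yaml
# /tmp/pss/cluster-level-pss.yaml (assumed contents, modelled on the tutorial)
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- name: PodSecurity
  configuration:
    apiVersion: pod-security.admission.config.k8s.io/v1
    kind: PodSecurityConfiguration
    defaults:
      # Reject pods that violate the restricted profile
      enforce: "restricted"
      enforce-version: "latest"
      # Also record violations in the audit log and as client warnings
      audit: "restricted"
      audit-version: "latest"
      warn: "restricted"
      warn-version: "latest"
    exemptions:
      usernames: []
      runtimeClasses: []
      # Control-plane pods need privileges the restricted profile forbids
      namespaces: [kube-system]
---
# cluster.yml for kind: mount the file into the node and point the API server at it
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  kubeadmConfigPatches:
  - |
    kind: ClusterConfiguration
    apiServer:
        extraArgs:
          admission-control-config-file: /etc/config/cluster-level-pss.yaml
        extraVolumes:
          - name: accf
            hostPath: /etc/config
            mountPath: /etc/config
            readOnly: false
            pathType: "DirectoryOrCreate"
  extraMounts:
  # Host directory holding cluster-level-pss.yaml, exposed inside the kind node
  - hostPath: /tmp/pss
    containerPath: /etc/config
    readOnly: false
```

A quick check after cluster creation is to apply a pod with no `securityContext` in a non-exempt namespace and confirm that the API server rejects it.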
It was discussed in the previous PR that double (image) pinning was useless as kind is already pinned. This will be clarified in a second pending commit.
I don't have too much experience with Kubernetes and Helm and trying to review changes like this is new for me. Sorry if some of the questions are obvious or aren't making much sense.
Couldn't find the discussion, can you link it please?
https://kubernetes.io/docs/tutorials/security/cluster-level-pss/ close: cnti-testcatalog#1887 Signed-off-by: Cédric Ollivier <[email protected]>
Description
https://kubernetes.io/docs/tutorials/security/cluster-level-pss/
Issues:
close: #1887
How has this been tested: