-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support new Kubernetes PodSecurityStandards for Korifi core pods #1221
Comments
danail-branekov
added a commit
that referenced
this issue
Jun 23, 2022
Also, introduce a `deployment` test to verify that Issue: #1221
danail-branekov
added a commit
that referenced
this issue
Jun 23, 2022
Also, introduce a `deployment` test to verify that Issue: #1221
danail-branekov
added a commit
that referenced
this issue
Jun 23, 2022
danail-branekov
moved this from 🔄 In progress
to ⏳ Review in progress
in Korifi - Backlog
Jun 23, 2022
danail-branekov
moved this from ⏳ Review in progress
to 🔄 In progress
in Korifi - Backlog
Jun 23, 2022
gcapizzi
added a commit
that referenced
this issue
Jun 23, 2022
Configure Korifi with `restricted` pod-security
danail-branekov
added a commit
that referenced
this issue
Jun 27, 2022
Issue: #1221 Co-authored-by: Danail Branekov <danailster@gmail.com>
danail-branekov
added a commit
that referenced
this issue
Jun 27, 2022
Issue: #1221 Co-authored-by: Danail Branekov <danailster@gmail.com>
danail-branekov
moved this from 🔄 In progress
to ⌛ Reviewer approved
in Korifi - Backlog
Jun 27, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As of Kubernetes 1.21 pod security policies are deprecated and are going to be removed in 1.25. They are going to be replaced by the Pod security admission controller and pod security standards. This means that pod security is going to be configured per namespace rather than per pod.
We would like to enforce the
restricted
security standard on Korifi "core" podsAccceptance
Given Korifi is deployed
Then I see that the
eirini-controller
korifi-api-system
,korifi-controllers-system
andkorifi-kpack-build-system
namespace contains the following labels:When Korifi is deployed
Then The containers of the
eirini-controller
,korifi-api-system
,korifi-controllers-system
andkorifi-kpack-build-system
pods have the following security context:restricted
pod security on Korifi's pods/namespaces: PR Configure Korifi withrestricted
pod-security #1277restricted
pod security on eirini-controllers pods/namespacesinstall-dependencies
The text was updated successfully, but these errors were encountered: