Hardening of the pod permissions. #265
Conversation
|
Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually? |
|
Hi @maximelenair, we have found your signature in our records, but it seems like you have signed with a different e-mail than the one used in your Git commit. Can you please add both of these e-mails into your Github profile (they can be hidden), so we can match your e-mails to your Github profile? |
Role, role binding and service account can now be created by the Helm chart. An external service account can also be referenced. Adding support for pod security policy to either be referenced from an existing one or created by the helm chart.
maximelenair
force-pushed
the
podsecuritypolicy
branch
from
d39930f
to
93a1a23
Compare
|
Anything in particular blocking this? We would appreciate getting this in so we can start using this chart. |
|
jenkins test this please |
There was a problem hiding this comment.
LGTM! Thank you so much for working on this. This is great work and you added tests and everything too!
Sorry for the delays in getting around to reviewing it, I was on vacation. We are currently in the process of adding more maintainers to this project to make sure it doesn't go silent everytime I'm away :)
|
jenkins test this please |
|
Tests are failing since this branch still has the now non-supported GKE versions in it. Will rebase on master... |
|
jenkins test this please |
Following #232 - creating this pull request to add PSP / SA support for the chart.
I tried to keep a similar implementation to the one done in Filebeat - could be improved though.
Not sure if the integration tests need to be updated, I didn't really looked into it.
Permissions forr the PSP might be improved? Sadly due to the init container the permissions have to be quite large.
${CHART}/tests/*.py${CHART}/examples/*/test/goss.yaml