-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorize PSP usage for pods without service accounts #43489
Authorize PSP usage for pods without service accounts #43489
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: liggitt
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
@k8s-bot non-cri e2e test this |
@k8s-bot unit test this |
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
Automatic merge from submit-queue (batch tested with PRs 43492, 43489) |
@liggitt: The following test(s) failed:
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
…9-upstream-release-1.5 Automatic merge from submit-queue Automated cherry pick of #43489 Cherry pick of #43489 on release-1.5. #43489: Authorize PSP usage for pods without service accounts Picks fix made in v1.5.5 into the release-1.5 branch. No release note, since the change was already present in v1.5.5.
Could you please give a example show how an attacker can create a pod without serviceaccount? |
Fixes #43459