-
Notifications
You must be signed in to change notification settings - Fork 463
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
authentication: pod-security initial commit #899
Conversation
2823a2e
to
b9716dd
Compare
/approve this is in line with the plan that was debated in control plane theme call and also internally. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mfojtik The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
1. (DONE) Enable the PodSecurity admission plugin in no-op mode but with the ability to audit policy violations. | ||
|
||
- https://github.com/openshift/api/pull/1001 add `PodSecurity` to default enabled feature set in OpenShift hyperkube | ||
- https://github.com/openshift/cluster-kube-apiserver-operator/pull/1217 enable `PodSecurity` admission plugin and provide a default configuration | ||
- https://github.com/openshift/kubernetes/pull/950 vendor api changes in openshift/kubernetes | ||
- https://github.com/openshift/cluster-kube-apiserver-operator/pull/1231 enable `PodSecurity` feature gate in kube-apiserver-operator |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wouldn't post PRs in an enhancement and would stick with just the plan. You can xref the PRs in the comments.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no disagreement, let's remove them then, at the same time leaving them here as a comment:
- config/v1: add PodSecurity to Default features api#1001: add
PodSecurity
to default enabled feature set in OpenShift hyperkube - bindata: enable podsecurity plugin cluster-kube-apiserver-operator#1217: enable
PodSecurity
admission plugin and provide a default configuration - UPSTREAM: <drop>: bump openshift, k8s to 1.22.1 kubernetes#950: vendor api changes in openshift/kubernetes
- Enable PodSecurity admission by default cluster-kube-apiserver-operator#1231
b99704d
to
da300a4
Compare
da300a4
to
4eaffa6
Compare
/retest |
/lgtm |
No description provided.