Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make Pinniped compatible with Kube clusters which have enabled PSAs #1286

Merged
merged 1 commit into from
Sep 23, 2022
Merged

Make Pinniped compatible with Kube clusters which have enabled PSAs #1286

merged 1 commit into from
Sep 23, 2022

Conversation

cfryanr
Copy link
Member

@cfryanr cfryanr commented Sep 14, 2022

Where possible, use securityContext settings which will work with the most restrictive Pod Security Admission policy level (as of Kube 1.25). Where privileged containers are needed, use the namespace-level annotation to allow them.

Also adjust some integration tests to make similar changes to allow the integration tests to pass on test clusters which use restricted PSAs.

Release note:

Make Pinniped compatible with Kube clusters which have enabled PSAs.

@codecov
Copy link

codecov bot commented Sep 14, 2022
edited
Loading

Codecov Report

Merging #1286 (b564454) into main (6b3a2e8) will decrease coverage by 0.00%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #1286      +/-   ##
==========================================
- Coverage   79.72%   79.71%   -0.01%     
==========================================
  Files         144      144              
  Lines       10522    10522              
==========================================
- Hits         8389     8388       -1     
  Misses       1853     1853              
- Partials      280      281       +1
Impacted Files Coverage Δ
internal/plog/config.go 58.33% <0.00%> (-2.09%) ⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@cfryanr
Make Pinniped compatible with Kube clusters which have enabled PSAs
b564454 
Where possible, use securityContext settings which will work with the
most restrictive Pod Security Admission policy level (as of Kube 1.25).
Where privileged containers are needed, use the namespace-level
annotation to allow them.

Also adjust some integration tests to make similar changes to allow the
integration tests to pass on test clusters which use restricted PSAs.
benjaminapetersen
benjaminapetersen approved these changes Sep 23, 2022
View reviewed changes
Copy link
Member

@benjaminapetersen benjaminapetersen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cfryanr cfryanr merged commit 5102865 into main Sep 23, 2022
@cfryanr cfryanr deleted the psa branch September 23, 2022 20:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benjaminapetersen benjaminapetersen benjaminapetersen approved these changes

Assignees
No one assigned
Labels
cla-not-required
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cfryanr @benjaminapetersen @vmwclabot