aa93e03b10
Pod security admission controller labels on namespaces are needed for pod security admission controller to know how restrictive each namespace is. This commit adds labels for pod security admission controller to our namespaces. Pod security admission controller is enabled by default on Kubernetes 1.23. These labels do nothing harmful or beneficial on the lower versions of Kubernetes. Test Plan: PASS: Bootstrap system and ensure the pod security admission controller labels are present on our namespaces (kube-system, armada, deployment, and any namespaces created by applications such as cert-manager). PASS: Upgrade an old system and ensure the labels are added after the upgrade is finished. PASS: Try to bring up privileged pods in a baseline namespace, ensure it fails. This was done on a developer ISO, since we do not have Kubernetes 1.23 ready yet. The same labels were applied to the developer ISO's namespaces. PASS: Deploy a privileged pod in a baseline namespace in the current Kubernetes version. Ensure it is NOT rejected. Change-Id: Ib909eaacb6bba3b5c3327e2f9998a5ecdcb70e9b Story: 2009833 Task: 44764 Signed-off-by: Jerry Sun <jerry.sun@windriver.com> |
||
---|---|---|
centos | ||
controllerconfig | ||
debian | ||
opensuse | ||
.gitignore | ||
PKG-INFO |