starlingx
/
config
Code Issues Proposed changes
StarlingX System Configuration Management
3,935 Commits 22 Branches 10 Tags 78 MiB
Python 97.3%
Shell 2.3%
CSS 0.2%
Go to file
Carmen Rata eef577f13d Update application namespaces PSA labels 
This commit updates the per-mode version of Pod Security Admission
labels to "latest" for application namespaces such as cert-manager.
Pod Security Admission labels on namespaces are needed for pod
security admission controller to know how restrictive each
namespace is.
Pinning to a specific Kubernetes version, for example v1.23, allows
the behavior to remain consistent as policy changes happen over
Kubernetes releases. Keeping the version "latest" as the default,
allows more flexibility when supporting multiple kubernetes
versions.
This commit also updates the application namespaces label default
levels to "privileged" from "baseline". This will cause no-harm
if users do not wish to use "beta" PSA feature enabled by default
in Kubernetes v1.23+.

Test Plan:
PASS: In an installed system verify that the pod security admission
      labels of the cert-manager namespace has been updated with the
      per-mode version "latest".
PASS: Created namespaces where policies are applied via labels.
      Privileged pods fail to get created in namespaces that are not
      configured with privileged policy level.
PASS: Privileged pods get created in namespaces with no security
      policy labels.

Story: 2009833
Task: 45632

Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
Change-Id: I76d44873ac447bbc0e2d90643fedf38bef8ebd1a
 		2022-06-17 20:30:18 -04:00
api-ref/source Add runtime reconfiguration of kubelet 2022-06-09 17:59:35 -04:00
config-gate debian: Fix config-gate packaging 2022-03-08 20:19:15 +00:00
controllerconfig Update application namespaces PSA labels 2022-06-17 20:30:18 -04:00
devstack Remove host hardware sysinv profile 2021-10-18 18:01:40 -03:00
doc Fix tox-docs failing sphinx 2022-05-31 13:56:30 +00:00
releasenotes Remove host hardware sysinv profile 2021-10-18 18:01:40 -03:00
storageconfig Add debian packaging directory for storageconfig 2021-10-18 10:05:38 -03:00
sysinv Update application namespaces PSA labels 2022-06-17 20:30:18 -04:00
tmp/patch-scripts/EXAMPLE_SYSINV/scripts StarlingX open source release updates 2018-05-31 07:35:52 -07:00
tools/docker/images Enable kubernetes SCTPSupport feature 2019-09-03 19:23:05 +00:00
tsconfig Adjust pxeboot config files path in an upgrade 2022-05-19 21:29:00 -04:00
workerconfig Add debian packaging directory for workerconfig 2021-09-28 09:51:54 -04:00
.gitignore Minor zuul and tox file cleanup after manifest re-org 2019-09-06 15:40:37 -05:00
.gitreview OpenDev Migration Patch 2019-04-19 19:52:42 +00:00
.yamllint clear yamllint errors under stx-config 2018-09-12 21:11:57 +08:00
.zuul.yaml Cleanup tox for python3.9 jobs 2022-03-25 20:32:09 +00:00
CONTRIBUTORS.wrs StarlingX open source release updates 2018-05-31 07:35:52 -07:00
LICENSE StarlingX open source release updates 2018-05-31 07:35:52 -07:00
README.rst StarlingX open source release updates 2018-05-31 07:35:52 -07:00
bindep.txt py3: Add py39 gate for sysinv 2021-08-27 08:39:06 -04:00
centos_build_layer.cfg Build layering, add layer build config file 2019-10-15 12:29:05 +08:00
centos_dev_wheels.inc Config file changes to add 'tsconfig' after relocation from 'update' 2019-09-05 11:51:05 -04:00
centos_helm.inc Infrastructure and Cluster Monitoring 2019-08-21 17:19:54 -04:00
centos_iso_image.inc Add cert-alarm service 2021-07-22 08:29:23 -04:00
centos_pkg_dirs Add cert-alarm service 2021-07-22 08:29:23 -04:00
centos_pkg_dirs_containers Config file changes for packages relocated to repo 'openstack-armada-app' 2019-09-05 10:42:00 -04:00
centos_stable_wheels.inc Config file changes to add 'tsconfig' after relocation from 'update' 2019-09-05 11:51:05 -04:00
debian_build_layer.cfg Add debian_build_layer.cfg file 2021-10-05 14:50:08 -04:00
debian_iso_image.inc Add debian_iso_image.inc file 2021-11-04 09:07:23 -04:00
debian_pkg_dirs Add missing packages that have debian directories. 2021-11-01 19:20:40 -04:00
debian_stable_wheels.inc debian: add tsconfig wheel to the build 2022-04-27 10:42:36 -04:00
test-requirements.txt Calling an additional shell lint command from zuul 2021-06-03 17:35:50 -05:00
tox.ini Calling an additional shell lint command from zuul 2021-06-03 17:35:50 -05:00

README.rst

stx-config

StarlingX Configuration Management