798303eb88
Added capability in the podsecuritypolicy template to bind individual serviceaccounts to clusterroles to enable enforcing psp at serviceaccount level. The idea is that the default psp can be tuned to be restrictive for all serviceaccounts; and new psp, clusterroles, and clusterrolebindings are defined to bind specific serviceaccounts or namespaces to permissive podsecuritypolicies, based on the security requirements of a deployment. Change-Id: I1b13c0e324b9a756a07d36b6e53786303f4a9f89 |
||
---|---|---|
.. | ||
podsecuritypolicy.yaml |