openstack/openstack-helm-infra
Code Issues Proposed changes
248a280293
openstack-helm-infra/releasenotes/notes/namespace-config.yaml
Phil Sphicas 3c4ebf0172 namespace-config: Grant access to existing PSP 
This change updates the namespace-config chart to (optionally) create
RBAC rules allowing service accounts in the namespace 'use' access to an
existing Pod Security Policy in the cluster. The policy is specified as:

    podSecurityPolicy:
      existingPsp: name-of-existing-psp

This aligns with the PSP deprecation guidance provided to date [0],
which suggests easing the transition to the "PSP Replacement Policy" by
establishing the standard PSPs (Restricted, Baseline, and Privileged),
assigning a cluster-wide default, and binding more-permissive policies
as needed in certain namespaces.

[0] https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/

Change-Id: I46da230abf822e0cc3553561fd779444439c34a7
2021-08-02 01:36:36 +00:00

6 lines
103 B
YAML
Raw Blame History

---
namespace-config:
- 0.1.0 Initial Chart
- 0.1.1 Grant access to existing PodSecurityPolicy
...
View Git Blame Copy Permalink