This repository was archived by the owner on Apr 4, 2023. It is now read-only.

Navigator should be able to operate in a cluster where PodSecurityPolicy is enabled #367

@wallrj


https://kubernetes.io/docs/concepts/policy/pod-security-policy/

It looks like we need a way for users to choose the name of a PodSecurityPolicy to use for the service accounts generated by the Navigator controller.

  • Maybe have the helm chart install a PodSecurityPolicy suitable for use by Navigator database service accounts.
  • And have helm install an RBAC ClusterRole which allows the subject to use that PSP.
  • And have the Navigator controller create role bindings for each service account, binding it to the ClusterRole above.
  • We should run E2E tests in a cluster where there's a very restrictive default PodSecurityPolicy.

/kind feature
