Kaizhe Huang
Kaizhe Huang
@caleyg do you have a sample yaml that I can test with?
@paper2 thanks for PR, let me think about it and get back to you soon.
> in making a psp because kube-psp-advisor sets required fields as loose policy automatically. I don't think that's the case. The default settings follow the psp default value. To me,...
I originally thought this was about a customized default settings will take the priority over the suggested one. However, If you look at your example: 1. the `runAsUser` in the...
> securityContext:
> I want the result includes only the original suggested by psp-advisor. > I assume this default settings is used when psp-advisor can't find explicit fields. I don't understand. Please...
> Convert command creates a psp using a source manifest. > If source manifest has not explicit fields(e.g. runAsUser), psp-advisor use default value of securityContext. In this case only, I...
@caleyg thank you for the suggestion. I think that makes a lot sense and will add it soon.
@caleyg ``` Usage: kube-psp-advisor inspect [flags] Flags: --deny-by-default (optional) OPA default rule: use this option if OPA default rule is Deny ALL -e, --exclude-namespaces strings (optional) comma separated list of...
> The idea here is that the agent could get the initial trust bundle from the SPIRE server itself, over an HTTPS connection. The SPIRE server already serves these using...