compliantkubernetes-kubespray
Enable `PodTolerationRestriction`
Is your feature request related to a problem? Please describe.
We might want to enable the `PodTolerationRestriction` admission controller to be able to restrict what tolerations pods in certain namespaces should be able to use.
This might be useful if platform admins need to have isolated nodes for specific workloads and want to restrict things so that application developers don't (by mistake or on purpose) set tolerations that interfere with the other workload.
Describe the solution you'd like
Enable the admission controller so we are able to set up such restrictions.
Describe alternatives you've considered
Not enabling this.
Additional context
Definition of done:
- `PodTolerationRestriction` admission controller is enabled in the config
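
Added example (not part of the original issue and not the project's own configuration): what the requested setup could look like once the plugin is on, using upstream Kubespray's `kube_apiserver_enable_admission_plugins` variable and the namespace annotations that `PodTolerationRestriction` reads. Namespace names, the taint key and value, and the file location are assumptions made for illustration.

```yaml
# --- Kubespray inventory group_vars (file location is an assumption) ---
# Entries here end up in kube-apiserver's --enable-admission-plugins flag.
# Append to any plugins already listed rather than replacing them.
kube_apiserver_enable_admission_plugins:
  - PodTolerationRestriction
---
# Namespace that owns the isolated nodes. Node taint assumed for this
# example: dedicated=isolated:NoSchedule (constructed key and value).
apiVersion: v1
kind: Namespace
metadata:
  name: isolated-workload            # hypothetical name
  annotations:
    # Merged into the tolerations of every pod created in this namespace.
    scheduler.alpha.kubernetes.io/defaultTolerations: '[{"key": "dedicated", "operator": "Equal", "value": "isolated", "effect": "NoSchedule"}]'
    # After the merge, the pod's tolerations are checked against this list.
    scheduler.alpha.kubernetes.io/tolerationsWhitelist: '[{"key": "dedicated", "operator": "Equal", "value": "isolated", "effect": "NoSchedule"}]'
---
# Application namespace. Its whitelist does not contain the "dedicated"
# toleration, so a pod here that sets it is rejected at admission.
# List every toleration the namespace's pods legitimately carry.
apiVersion: v1
kind: Namespace
metadata:
  name: app-team-a                   # hypothetical name
  annotations:
    scheduler.alpha.kubernetes.io/tolerationsWhitelist: '[{"key": "workload-class", "operator": "Equal", "value": "batch", "effect": "NoSchedule"}]'
```

The restriction only holds if application developers cannot edit annotations on their own namespaces, so the RBAC for `namespaces` needs to stay with the platform admins.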