Flavio Castelli
Flavio Castelli
@Martin-Weiss, @raif-ahmed can you check the description of the policy to ensure it matches your requirements?
> @flavio - do we know if the applications we deliver with rancher already follow this rule (not to use the same service account for more than one deployment /...
>Maybe I misundestood as well - does the policy just look at deployments or at pods or even statefulset/daemonset/job as well? > > I understood that this policy seems to...
@Martin-Weiss, @raif-ahmed can you check the description of the policy to ensure it matches your requirements?
> @flavio - is there a reason why you use "underscore" for http_ instead of "dash" like http- in the example configuration settings above? Not really, I changed it to...
I'm fine with that, let's keep the changes to `/internal/pkg/admissionregistration` for later, since they require more work (at least that's my impression)
One way to solve this problem is to extend each policy to have an additional check, like the user mentioned. This is however cumbersome. Other possible solutions I can imagine:...
Yes, the implementation of the policy that checks for the trusted users/groups/service accounts is entirely up to the policy author. We could of course provide a reference implementation. There could...
@jvanz this could be something for you to tackle during the next sprint
Sure, go ahead with option 2