[FEATURE REQUEST] Add support for configurable PodSecurityPolicy setting for Kubernetes
Is your feature request related to a problem? Please describe.
Right now we have PodSecurityPolicy with defaults for flannel.

Describe the solution you'd like
We need to have a configurable PodSecurityPolicy setting with a configurable policy, and also to review our current settings for flannel.

Describe alternatives you've considered
None.

Additional context
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
https://kubernetes.io/docs/concepts/policy/pod-security-policy/
Pod Sec - common uses are denying container escalation, preventing containers from running as root, preventing containers from accessing host networking and filesystem, and preventing container escalation.
DenyEscalatingExec - should be used for containers/pods allowed to run in privileged mode. Denies the use of exec and attach for privileged containers.

DoD checklist
- Changelog
- [ ] updated
- [ ] not needed
- COMPONENTS.md
- [ ] updated
- [ ] not needed
- Schema
- [ ] updated
- [ ] not needed
- Backport tasks
- [ ] created
- [ ] not needed
- Documentation
- [ ] added
- [ ] updated
- [ ] not needed
- [ ] Feature has automated tests
- [ ] Automated tests passed (QA pipelines)
- [ ] apply
- [ ] upgrade
- [ ] backup/restore
- [ ] Idempotency tested
- [ ] All conversations in PR resolved
- [ ] Solution meets requirements and is done according to design doc
- [ ] Usage compliant with license
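
The pod-security uses listed under "Additional context" above, written as an audit over pod manifests. This is an added example, not part of the issue and not Epiphany or Kubernetes code; the policy keys, function name and sample manifests are assumptions made for illustration.

```python
# Added example: a simplified pod-manifest audit, not Kubernetes admission code.
DEFAULT_POLICY = {  # hypothetical, configurable policy keys
    "allow_privileged": False,
    "allow_privilege_escalation": False,
    "require_non_root": True,
    "allow_host_namespaces": False,
    "allow_host_path": False,
}

def audit_pod(pod, policy=DEFAULT_POLICY):
    """Return the list of policy violations found in a pod manifest (dict)."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    findings = []
    if not policy["allow_host_namespaces"]:
        for field in ("hostNetwork", "hostPID", "hostIPC"):
            if spec.get(field):
                findings.append(f"pod: {field} is enabled")
    if not policy["allow_host_path"]:
        for vol in spec.get("volumes") or []:
            if "hostPath" in vol:
                findings.append(f"volume {vol.get('name')}: hostPath mount")
    containers = (spec.get("initContainers") or []) + (spec.get("containers") or [])
    for c in containers:
        sc, name = c.get("securityContext") or {}, c.get("name", "?")
        if not policy["allow_privileged"] and sc.get("privileged"):
            findings.append(f"container {name}: privileged")
        # An unset allowPrivilegeEscalation leaves escalation allowed.
        if (not policy["allow_privilege_escalation"]
                and sc.get("allowPrivilegeEscalation") is not False):
            findings.append(f"container {name}: privilege escalation allowed")
        if policy["require_non_root"]:
            # Container-level settings override pod-level ones.
            non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
            uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
            if uid == 0 or (uid is None and non_root is not True):
                findings.append(f"container {name}: may run as root")
    return findings

# Constructed sample manifests (not Epiphany's flannel manifest).
RISKY_POD = {"spec": {
    "hostNetwork": True,
    "volumes": [{"name": "cni", "hostPath": {"path": "/etc/cni/net.d"}}],
    "containers": [{"name": "agent", "securityContext": {"privileged": True}}],
}}
HARDENED_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "app", "securityContext": {"allowPrivilegeEscalation": False}}],
}}
```

Passing a modified copy of `DEFAULT_POLICY` relaxes individual checks, for example for a network plugin that needs host networking.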
@erzetpe, @seriva I believe it's no longer valid: https://github.com/epiphany-platform/epiphany/issues/2900
@rafzei Probably you are right, but the new Kubernetes functionality should have a new issue that will cover this area.