pod-security-admission
pod-security-admission copied to clipboard
I can't set PSA label on namespace
I don't know whether I can open issue with this ..
I create one namespace 'psans' with "kuberctl create ns psans". Then, I can see follow labes [root@bastion /]# kubectl describe ns psans | grep secu pod-security.kubernetes.io/audit=baseline pod-security.kubernetes.io/audit-version=v1.24 pod-security.kubernetes.io/warn=baseline pod-security.kubernetes.io/warn-version=v1.24
And I can add and remove enforce: [root@bastion /]# kubectl label ns psans pod-security.kubernetes.io/enforce=baseline namespace/psans labeled [root@bastion /]# kubectl describe ns psans | grep secu pod-security.kubernetes.io/audit=baseline pod-security.kubernetes.io/audit-version=v1.24 pod-security.kubernetes.io/enforce=baseline pod-security.kubernetes.io/warn=baseline pod-security.kubernetes.io/warn-version=v1.24 [root@bastion /]# kubectl label ns psans pod-security.kubernetes.io/enforce- namespace/psans unlabeled [root@bastion /]# kubectl describe ns psans | grep secu pod-security.kubernetes.io/audit=baseline pod-security.kubernetes.io/audit-version=v1.24 pod-security.kubernetes.io/warn=baseline pod-security.kubernetes.io/warn-version=v1.24
But I can't remove audit or warn: [root@bastion /]# kubectl label ns psans pod-security.kubernetes.io/audit-version- namespace/psans unlabeled [root@bastion /]# kubectl describe ns psans | grep secu pod-security.kubernetes.io/audit=baseline pod-security.kubernetes.io/audit-version=v1.24 pod-security.kubernetes.io/warn=baseline pod-security.kubernetes.io/warn-version=v1.24 [root@bastion /]# kubectl label ns psans pod-security.kubernetes.io/audit- namespace/psans unlabeled [root@bastion /]# kubectl describe ns psans | grep secu pod-security.kubernetes.io/audit=baseline pod-security.kubernetes.io/audit-version=v1.24 pod-security.kubernetes.io/warn=baseline pod-security.kubernetes.io/warn-version=v1.24
Is it a policy? Otherwise, do I have to use other proper commands?