Make pod security policies configurable
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Kubernetes Control Plane Charm | Fix Released | High | George Kraft |
Bug Description
[Environment]
Kubernetes 1.19
[Description]
There is no configuration option to allow for a more restrictive PSP policy to be provided when using rbac different to the privileged one provided as a template.
Default cluster role bindings defined for rbac pod security policies [0] are rendered once in the leader unit when setting up the kubernetes-master nodes. Those will get overwritten if the juju leader changes for any reason (that's up to the consensus protocol and can't be guaranteed).
[0] https:/
[1] https:/
[Possible Solution]
Allow a custom rbad-pod-
the charm to overwrite them.
This is linked to https:/
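As an added illustration (not part of the bug report or the charm's code), the following Python function checks a PodSecurityPolicy spec for the settings that separate a privileged policy from a more restrictive one. The name `audit_psp` and both sample specs are hypothetical and constructed for this example; the field names are those of the Kubernetes `policy/v1beta1` PodSecurityPolicy API.

```python
# Added example: flags the settings that make a PodSecurityPolicy spec permissive.
# Field names come from the Kubernetes policy/v1beta1 PodSecurityPolicy API;
# both sample specs below are constructed, not taken from the charm.
HOST_FLAGS = ("hostNetwork", "hostPID", "hostIPC")


def audit_psp(spec):
    """Return a sorted list of findings for a PSP .spec given as a dict."""
    findings = []
    if spec.get("privileged", False):
        findings.append("privileged containers allowed")
    # Unset defaults to true in the API, so only an explicit False is safe.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append("privilege escalation allowed")
    for flag in HOST_FLAGS:
        if spec.get(flag, False):
            findings.append(f"{flag} allowed")
    if "*" in spec.get("allowedCapabilities", []):
        findings.append("all capabilities allowed")
    if "ALL" not in spec.get("requiredDropCapabilities", []):
        findings.append("capabilities not dropped by default")
    volumes = spec.get("volumes", [])
    if "*" in volumes or "hostPath" in volumes:
        findings.append("hostPath volumes allowed")
    if spec.get("runAsUser", {}).get("rule", "RunAsAny") == "RunAsAny":
        findings.append("containers may run as root")
    return sorted(findings)


PRIVILEGED = {  # constructed sample: a wide-open policy
    "privileged": True,
    "allowPrivilegeEscalation": True,
    "allowedCapabilities": ["*"],
    "volumes": ["*"],
    "hostNetwork": True, "hostPID": True, "hostIPC": True,
    "runAsUser": {"rule": "RunAsAny"},
}
RESTRICTED = {  # constructed sample: a tighter policy
    "privileged": False,
    "allowPrivilegeEscalation": False,
    "requiredDropCapabilities": ["ALL"],
    "volumes": ["configMap", "emptyDir", "projected", "secret",
                "downwardAPI", "persistentVolumeClaim"],
    "hostNetwork": False, "hostPID": False, "hostIPC": False,
    "runAsUser": {"rule": "MustRunAsNonRoot"},
}
```

Calling `audit_psp(PRIVILEGED)` lists every permissive setting, while `audit_psp(RESTRICTED)` returns an empty list.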
Changed in charm-kubernetes-master:
importance: Undecided → Medium
status: New → Triaged
tags: added: review-needed

Changed in charm-kubernetes-master:
importance: Medium → High

Changed in charm-kubernetes-master:
assignee: nobody → George Kraft (cynerva)
milestone: none → 1.22+ck1

Changed in charm-kubernetes-master:
status: In Progress → Fix Committed
tags: added: backport-needed removed: review-needed

Changed in charm-kubernetes-master:
status: Fix Committed → Fix Released

Submitted PR https://github.com/charmed-kubernetes/charm-kubernetes-master/pull/139