b564454bab
Where possible, use securityContext settings which will work with the most restrictive Pod Security Admission policy level (as of Kube 1.25). Where privileged containers are needed, use the namespace-level annotation to allow them. Also adjust some integration tests to make similar changes to allow the integration tests to pass on test clusters which use restricted PSAs.
14 lines
488 B
YAML
14 lines
488 B
YAML
#! Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
#! SPDX-License-Identifier: Apache-2.0
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: tools
|
|
labels:
|
|
# When deploying onto a cluster which has PSAs enabled by default for namespaces,
|
|
# effectively disable them for this namespace. This namespace is only for integration
|
|
# testing helper tools, and should never be deployed in production installs.
|
|
pod-security.kubernetes.io/enforce: privileged
|