Add PSA namespace label syncer clusterrole to bypass clusterroles - Githubissues

appuio / component-appuio-cloud

APPUiO Cloud

https://hub.syn.tools/appuio-cloud/index.html

BSD 3-Clause "New" or "Revised" License

0 stars 1 forks source link

Add PSA namespace label syncer clusterrole to bypass clusterroles #140

Closed simu closed 1 year ago

simu commented 1 year ago

On OpenShift 4.11 the podsecurity-admission-label-syncer-controller needs to modify namespace labels to ensure the namespace's PSA labels match the most privileged SCC that can be used in the namespace, cf. https://docs.appuio.cloud/user/explanation/pod-security-admissions.html

Checklist

[x] PR contains a single logical change (to build a better changelog).
[x] Update the documentation.
[x] Categorize the PR by setting a good title and adding one of the labels: bug, enhancement, documentation, change, breaking, dependency as they show up in the changelog.