Kubeaudit checks for pod securityContext and needs all capabilities to be dropped by default and required capabilities to be explicitly added. These capabilities are tolerated if a corresponding label is set on the pod.
```yaml
securityContext:
  container:
    privileged: false
    capabilities:
      drop:
        - ALL
      add:
        - NET_BIND_SERVICE
podLabels:
  container.kubeaudit.io/cert-manager-webhook-ovh.allow-capability-net-bind-service: "Required by the app"
```
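The rule described above, as an added example that is not part of the original PR and is not kubeaudit's own code: a simplified check that every container drops `ALL` and that each added capability has a matching override label. The label key format is copied from the label shown in the values above; the function names, the sample pod dicts and the choice to treat an empty label value as no override are assumptions of this example.

```python
# Simplified re-implementation of the capability rule for illustration only.
# Label key format taken from the label shown on this page.
LABEL_FMT = "container.kubeaudit.io/{container}.allow-capability-{cap}"


def override_label(container, capability):
    """Build the override label key, e.g. NET_BIND_SERVICE -> net-bind-service."""
    cap = capability.lower().replace("_", "-")
    return LABEL_FMT.format(container=container, cap=cap)


def audit_capabilities(pod):
    """Return (container, finding) tuples for one pod manifest given as a dict."""
    labels = pod.get("metadata", {}).get("labels") or {}
    findings = []
    for c in pod.get("spec", {}).get("containers", []):
        name = c["name"]
        caps = (c.get("securityContext") or {}).get("capabilities") or {}
        dropped = {d.upper() for d in caps.get("drop") or []}
        if "ALL" not in dropped:
            findings.append((name, "capabilities.drop does not include ALL"))
        for cap in caps.get("add") or []:
            # Assumption of this example: an empty label value is no override.
            if not labels.get(override_label(name, cap)):
                findings.append((name, f"{cap} added without override label"))
    return findings


def make_pod(drop, add, labels, name="cert-manager-webhook-ovh"):
    """Construct a minimal sample pod manifest (constructed test data)."""
    ctx = {"privileged": False, "capabilities": {"drop": drop, "add": add}}
    return {"metadata": {"labels": labels},
            "spec": {"containers": [{"name": name, "securityContext": ctx}]}}


APP = "cert-manager-webhook-ovh"
LABEL = override_label(APP, "NET_BIND_SERVICE")
# Constructed samples: the values from this page, then two failing variants.
GOOD_POD = make_pod(["ALL"], ["NET_BIND_SERVICE"], {LABEL: "Required by the app"})
UNLABELLED_POD = make_pod(["ALL"], ["NET_BIND_SERVICE"], {})
NO_DROP_POD = make_pod([], ["NET_BIND_SERVICE"], {LABEL: "Required by the app"})

if __name__ == "__main__":
    for pod_name, pod in [("good", GOOD_POD), ("unlabelled", UNLABELLED_POD),
                          ("no-drop", NO_DROP_POD)]:
        print(pod_name, audit_capabilities(pod))
```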
@hyu9a Thanks a lot for this PR and suggesting the change. I did a similar implementation as yours. This should be released in 0.7.0 in a few hours/days.