Investigate Capabilities and Security Context Constraints

freeipa / freeipa-operator

EXPERIMENTAL kubernetes operator for FreeIPA

31 stars 5 forks source link

Investigate Capabilities and Security Context Constraints #12

Closed avisiedo closed 4 years ago

avisiedo commented 4 years ago

Proof of concept which launch ipa-server-install using the process defined at freeipa-container repository. It is important here the list of capabilities and the set of objects related with the service account object which is associated to the Pod. The list of capabilities are the minimal for finishing the init-volume initContainer process.

For launching this proof of concept:

Modify poc-003-admin.yaml and set the references from the namespace avisiedo-init-container to your namespace.

avisiedo commented 4 years ago

Outdated: Please don't merge the PR yet, I need to review some comments to gather some information for a new ticket.

Update: New ticket created for removing 'allowHostDirVolumePlugin: true' from the SCC object.

frasertweedale commented 4 years ago

@avisiedo thank you for the updates. Merging now.