I can't set PSA label on namespace

[JayJay-K]

I don't know whether I can open issue with this ..

I create one namespace 'psans' with "kuberctl create ns psans". Then, I can see follow labes [root@bastion /]# kubectl describe ns psans | grep secu pod-security.kubernetes.io/audit=baseline pod-security.kubernetes.io/audit-version=v1.24 pod-security.kubernetes.io/warn=baseline pod-security.kubernetes.io/warn-version=v1.24

And I can add and remove enforce: [root@bastion /]# kubectl label ns psans pod-security.kubernetes.io/enforce=baseline namespace/psans labeled [root@bastion /]# kubectl describe ns psans | grep secu pod-security.kubernetes.io/audit=baseline pod-security.kubernetes.io/audit-version=v1.24 pod-security.kubernetes.io/enforce=baseline pod-security.kubernetes.io/warn=baseline pod-security.kubernetes.io/warn-version=v1.24 [root@bastion /]# kubectl label ns psans pod-security.kubernetes.io/enforce- namespace/psans unlabeled [root@bastion /]# kubectl describe ns psans | grep secu pod-security.kubernetes.io/audit=baseline pod-security.kubernetes.io/audit-version=v1.24 pod-security.kubernetes.io/warn=baseline pod-security.kubernetes.io/warn-version=v1.24

But I can't remove audit or warn: [root@bastion /]# kubectl label ns psans pod-security.kubernetes.io/audit-version- namespace/psans unlabeled [root@bastion /]# kubectl describe ns psans | grep secu pod-security.kubernetes.io/audit=baseline pod-security.kubernetes.io/audit-version=v1.24 pod-security.kubernetes.io/warn=baseline pod-security.kubernetes.io/warn-version=v1.24 [root@bastion /]# kubectl label ns psans pod-security.kubernetes.io/audit- namespace/psans unlabeled [root@bastion /]# kubectl describe ns psans | grep secu pod-security.kubernetes.io/audit=baseline pod-security.kubernetes.io/audit-version=v1.24 pod-security.kubernetes.io/warn=baseline pod-security.kubernetes.io/warn-version=v1.24

Is it a policy? Otherwise, do I have to use other proper commands?

[liggitt]

does the cluster have an admission webhook that is automatically adding audit/warn labels?

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[kundan2707]

/remove-lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[kundan2707]

/remove-lifecycle rotten

[kundan2707]

/triage needs-information