Open JayJay-K opened 1 year ago
does the cluster have an admission webhook that is automatically adding audit/warn labels?
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
/remove-lifecycle rotten
/triage needs-information
I don't know whether I can open issue with this ..
I create one namespace 'psans' with "kuberctl create ns psans". Then, I can see follow labes [root@bastion /]# kubectl describe ns psans | grep secu pod-security.kubernetes.io/audit=baseline pod-security.kubernetes.io/audit-version=v1.24 pod-security.kubernetes.io/warn=baseline pod-security.kubernetes.io/warn-version=v1.24
And I can add and remove enforce: [root@bastion /]# kubectl label ns psans pod-security.kubernetes.io/enforce=baseline namespace/psans labeled [root@bastion /]# kubectl describe ns psans | grep secu pod-security.kubernetes.io/audit=baseline pod-security.kubernetes.io/audit-version=v1.24 pod-security.kubernetes.io/enforce=baseline pod-security.kubernetes.io/warn=baseline pod-security.kubernetes.io/warn-version=v1.24 [root@bastion /]# kubectl label ns psans pod-security.kubernetes.io/enforce- namespace/psans unlabeled [root@bastion /]# kubectl describe ns psans | grep secu pod-security.kubernetes.io/audit=baseline pod-security.kubernetes.io/audit-version=v1.24 pod-security.kubernetes.io/warn=baseline pod-security.kubernetes.io/warn-version=v1.24
But I can't remove audit or warn: [root@bastion /]# kubectl label ns psans pod-security.kubernetes.io/audit-version- namespace/psans unlabeled [root@bastion /]# kubectl describe ns psans | grep secu pod-security.kubernetes.io/audit=baseline pod-security.kubernetes.io/audit-version=v1.24 pod-security.kubernetes.io/warn=baseline pod-security.kubernetes.io/warn-version=v1.24 [root@bastion /]# kubectl label ns psans pod-security.kubernetes.io/audit- namespace/psans unlabeled [root@bastion /]# kubectl describe ns psans | grep secu pod-security.kubernetes.io/audit=baseline pod-security.kubernetes.io/audit-version=v1.24 pod-security.kubernetes.io/warn=baseline pod-security.kubernetes.io/warn-version=v1.24
Is it a policy? Otherwise, do I have to use other proper commands?