openshift / cluster-debug-tools

Unsupported tools used to investigate broken clusters.
Apache License 2.0

psa: add dynamic psa-level handling #41

Closed ibihim closed 1 year ago

ibihim commented 1 year ago

What

Add the functionality to enforce the strictest of the warn and audit pod security labels, instead of just a fixed level.

Why

On a run against all namespaces, it would try to enforce a restricted level on namespaces that consciously made the decision to be privileged (or baseline).
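The level selection described in the PR description above, sketched as an added Go example; it is not code from this pull request or from cluster-debug-tools. The function name `strictestLevel` and the handling of missing or unrecognized labels (return an error so the caller leaves the namespace untouched) are assumptions; the label keys and level names are the standard Kubernetes Pod Security Admission ones.

```go
package main

import "fmt"

// Pod Security Admission namespace label keys (standard Kubernetes labels).
const (
	warnLabel  = "pod-security.kubernetes.io/warn"
	auditLabel = "pod-security.kubernetes.io/audit"
)

// rank orders the Pod Security Standards levels from least to most strict.
var rank = map[string]int{"privileged": 0, "baseline": 1, "restricted": 2}

// strictestLevel returns the stricter of a namespace's warn and audit levels,
// i.e. the value a tool could then write to the enforce label.
// Assumption: a namespace with neither label, or with an unknown level,
// yields an error so that the caller skips it instead of guessing.
func strictestLevel(nsLabels map[string]string) (string, error) {
	best, found := "", false
	for _, key := range []string{warnLabel, auditLabel} {
		v, ok := nsLabels[key]
		if !ok {
			continue
		}
		r, known := rank[v]
		if !known {
			return "", fmt.Errorf("%s: unknown level %q", key, v)
		}
		if !found || r > rank[best] {
			best, found = v, true
		}
	}
	if !found {
		return "", fmt.Errorf("neither %s nor %s is set", warnLabel, auditLabel)
	}
	return best, nil
}

func main() {
	// Constructed sample namespace label sets, not taken from a real cluster.
	samples := []map[string]string{
		{warnLabel: "baseline", auditLabel: "restricted"},
		{warnLabel: "privileged", auditLabel: "privileged"},
		{"app": "demo"},
	}
	for _, ns := range samples {
		level, err := strictestLevel(ns)
		fmt.Println(level, err)
	}
}
```

A namespace that deliberately runs privileged keeps `privileged` under this rule, because neither of its labels asks for anything stricter.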

deads2k commented 1 year ago

/approve

will leave lgtm with the team.

s-urbaniak commented 1 year ago

/lgtm