make it easier to support locked down clusters #2251
Comments
|
On the other hand PSPs are deprecated in Kubernetes 1.21: https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
piontec added the following to avoid issues with a jx install on a locked down cluster:
k -n jx create role psp-admin --verb=use --resource=psp --resource-name=privileged - k -n jx create rolebinding bucketrepo --serviceaccount jx:bucketrepo-bucketrepo --role psp-admin - k -n jx create rolebinding check-reaper --serviceaccount jx:check-reaper --role psp-admin - k -n jx create clusterrolebinding jx-check-reaper-admin --serviceaccount jx:check-reaper --clusterrole admin - k -n jx create rolebinding admin-kuberhealthy --serviceaccount jx:kuberhealthy --role psp-admin - k -n jx create rolebinding jx-gx-activities --serviceaccount jx:jx-gcactivities --role psp-admin - k -n jx create rolebinding jx-gcpods --serviceaccount jx:jx-gcpods --role psp-admin - k -n kuberhealthy create role psp-admin --verb=use --resource=psp --resource-name=privileged - k -n kuberhealthy create role psp-admin --verb=use --resource=psp --resource-name=privileged - k -n kuberhealthy create rolebinding admin-kuberhealthy --serviceaccount kuberhealthy:kuberhealthy --role psp-admin - k -n kuberhealthy create rolebinding admin-default --serviceaccount kuberhealthy:default --role psp-admin - k -n kuberhealthy create rolebinding admin-jx-secrets --serviceaccount kuberhealthy:jx-secrets-sa --role psp-adminhopefully we can make this unnecessary with more PSP settings
The text was updated successfully, but these errors were encountered: