Skip to content

Commit

Permalink
Patch further static namespaces with PSS labels (#2768)
Browse files Browse the repository at this point in the history
* Patched other namespaces in common with PSS labels

Signed-off-by: biswajit-9776 <[email protected]>

* Patched dex and oauth2-proxy namespace with PSS labels

Signed-off-by: biswajit-9776 <[email protected]>

---------

Signed-off-by: biswajit-9776 <[email protected]>
  • Loading branch information
biswajit-9776 authored Jul 1, 2024
1 parent 38a8183 commit 83e35d7
Show file tree
Hide file tree
Showing 8 changed files with 43 additions and 1 deletion.
3 changes: 3 additions & 0 deletions contrib/security/PSS/static/baseline/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,6 @@ kind: Component
patches:
- path: patches/kubeflow-labels.yaml
- path: patches/istio-labels.yaml
- path: patches/cert-manager-labels.yaml
- path: patches/dex-labels.yaml
- path: patches/oauth2-proxy-labels.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager
labels:
pod-security.kubernetes.io/enforce: baseline
6 changes: 6 additions & 0 deletions contrib/security/PSS/static/baseline/patches/dex-labels.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: auth
labels:
pod-security.kubernetes.io/enforce: baseline
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: oauth2-proxy
labels:
pod-security.kubernetes.io/enforce: baseline
5 changes: 4 additions & 1 deletion contrib/security/PSS/static/restricted/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,7 @@ kind: Component

patches:
- path: patches/kubeflow-labels.yaml
- path: patches/istio-labels.yaml
- path: patches/istio-labels.yaml
- path: patches/cert-manager-labels.yaml
- path: patches/dex-labels.yaml
- path: patches/oauth2-proxy-labels.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager
labels:
pod-security.kubernetes.io/enforce: restricted
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: auth
labels:
pod-security.kubernetes.io/enforce: restricted
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: oauth2-proxy
labels:
pod-security.kubernetes.io/enforce: restricted

0 comments on commit 83e35d7

Please sign in to comment.