k3s/plugin
Kubernetes Submit Queue cc571d1833 Merge pull request #42360 from liggitt/psp-namespaced-use-check
Automatic merge from submit-queue (batch tested with PRs 42360, 43109, 43737, 43853)

Include pod namespace in PSP 'use' authorization check

Follow up to https://github.com/kubernetes/kubernetes/pull/33080/files#diff-291b8dd7d08cc034975ddb3925dbb08fR341

Prior to this PR, when PodSecurityPolicy admission is active, you must be authorized to use a covering PodSecurityPolicy cluster-wide in order to create a pod. This PR changes that to only require a covering PodSecurityPolicy within the pod's namespace.

When used in concert with mechanisms that limit pods within a namespace to a particular set of nodes, this can be used to allow users to create privileged pods within specific namespaces only.

```release-note
Permission to use a PodSecurityPolicy can now be granted within a single namespace by allowing the `use` verb on the `podsecuritypolicies` resource within the namespace.
```
2017-03-31 00:34:22 -07:00
cmd/kube-scheduler Add pprof trace support 2017-03-07 10:10:42 -05:00
pkg Merge pull request #42360 from liggitt/psp-namespaced-use-check 2017-03-31 00:34:22 -07:00
BUILD run generators and updaters 2017-03-01 13:04:29 -08:00
OWNERS Updated top level owners file to match new format 2017-01-19 11:29:16 -08:00