mirror of https://github.com/k3s-io/k3s
96d81fe688
Automatic merge from submit-queue (batch tested with PRs 52367, 53363, 54989, 54872, 54643). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Basic GCE PodSecurityPolicy Config

**What this PR does / why we need it**:

This PR lays the foundation for enabling PodSecurityPolicy in GCE and other default deployments. The 3 commits are:

1. Add policies, roles & bindings for the default addons on GCE.
2. Enable the PSP admission controller & load the addon policies when the `ENABLE_POD_SECURITY_POLICY=true` environment variable is set.
3. Support the PodSecurityPolicy in the E2E environment & add PSP tests.

NOTES:

- ~~Depends on https://github.com/kubernetes/kubernetes/pull/52301 for privileged capabilities~~
- ~~Depends on https://github.com/kubernetes/kubernetes/pull/52849 for sane mutations~~
- ~~Depends on https://github.com/kubernetes/kubernetes/pull/53479 for aggregator tests to pass~~
- ~~Depends on https://github.com/kubernetes/kubernetes/pull/54175 for dedicated fluentd service~~ account
- This PR is a fork of https://github.com/kubernetes/kubernetes/pull/46064, credit to @Q-Lee

**Which issue this PR fixes**: #43538

**Release note**:

```release-note
Add support for PodSecurityPolicy on GCE: `ENABLE_POD_SECURITY_POLICY=true` enables the admission controller, and installs policies for default addons.
```

||
---|---|---|
.. | ||
addons | ||
container-linux | ||
debian | ||
gci | ||
BUILD | ||
OWNERS | ||
config-common.sh | ||
config-default.sh | ||
config-test.sh | ||
configure-vm.sh | ||
cos | ||
delete-stranded-load-balancers.sh | ||
list-resources.sh | ||
ubuntu | ||
upgrade.sh | ||
util.sh |