3 Commits

Author SHA1 Message Date
Pete Birley
2abf62ff4d OSH-Infra: Add emptydirs for tmp
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read-only
filesystem backing the container.

Additionally, some yaml indent issues are resolved.

Change-Id: I8b7f1614da059783254aa6efc09facf23fca3cad
Signed-off-by: Pete Birley <pete@port.direct>
2019-04-20 20:50:59 +00:00
Hemanth Nakkina
154f1700b1 Add annotations to podsecuritypolicy
Provide support to add annotations to the podsecuritypolicy. This will
allow adding annotations related to seccomp and apparmor in psp.

Change-Id: I78718ae1f60e8ebee8ac8ba86145bb9ae26491d5
2019-03-16 04:12:16 +00:00
Matt McEuen
eda4b31502 Add PodSecurityPolicy chart
This adds a chart that will generate arbitrary Kubernetes
PodSecurityPolicy objects, and ClusterRoles to provide access to them.
It will also set up one (or zero) default bindings for generic
"categories" of subjects, as desired:
- serviceaccounts
- authenticated users
- unauthenticated users

The default values specify a highly permissive security policy that is
bound by default to serviceaccounts and authenticated users.  The policy
is expected to be refined over time, and should be overridden by
operators per their workloads and security needs.

Change-Id: I69917217f85881b2627706abce66c7044b40a448
2019-01-03 16:13:45 -06:00