New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I can't set PSA label on namespace #9
Comments
does the cluster have an admission webhook that is automatically adding audit/warn labels? |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
I don't know whether I can open issue with this ..
I create one namespace 'psans' with "kuberctl create ns psans".
Then, I can see follow labes
[root@bastion /]# kubectl describe ns psans | grep secu
pod-security.kubernetes.io/audit=baseline
pod-security.kubernetes.io/audit-version=v1.24
pod-security.kubernetes.io/warn=baseline
pod-security.kubernetes.io/warn-version=v1.24
And I can add and remove enforce:
[root@bastion /]# kubectl label ns psans pod-security.kubernetes.io/enforce=baseline
namespace/psans labeled
[root@bastion /]# kubectl describe ns psans | grep secu
pod-security.kubernetes.io/audit=baseline
pod-security.kubernetes.io/audit-version=v1.24
pod-security.kubernetes.io/enforce=baseline
pod-security.kubernetes.io/warn=baseline
pod-security.kubernetes.io/warn-version=v1.24
[root@bastion /]# kubectl label ns psans pod-security.kubernetes.io/enforce-
namespace/psans unlabeled
[root@bastion /]# kubectl describe ns psans | grep secu
pod-security.kubernetes.io/audit=baseline
pod-security.kubernetes.io/audit-version=v1.24
pod-security.kubernetes.io/warn=baseline
pod-security.kubernetes.io/warn-version=v1.24
But I can't remove audit or warn:
[root@bastion /]# kubectl label ns psans pod-security.kubernetes.io/audit-version-
namespace/psans unlabeled
[root@bastion /]# kubectl describe ns psans | grep secu
pod-security.kubernetes.io/audit=baseline
pod-security.kubernetes.io/audit-version=v1.24
pod-security.kubernetes.io/warn=baseline
pod-security.kubernetes.io/warn-version=v1.24
[root@bastion /]# kubectl label ns psans pod-security.kubernetes.io/audit-
namespace/psans unlabeled
[root@bastion /]# kubectl describe ns psans | grep secu
pod-security.kubernetes.io/audit=baseline
pod-security.kubernetes.io/audit-version=v1.24
pod-security.kubernetes.io/warn=baseline
pod-security.kubernetes.io/warn-version=v1.24
Is it a policy? Otherwise, do I have to use other proper commands?
The text was updated successfully, but these errors were encountered: