Controls how an unset (nil) `allowPrivilegeEscalation` field in the `SecurityContext` object is treated. Useful in cases where the PSP admission controller isn't enabled or available. With PSP this behavior is managed via the `*bool` type field `defaultAllowPrivilegeEscalation` in a `PodSecurityPolicy` resource.
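A sketch of the defaulting described above, written for this page as an added example and not taken from the project's code: it builds the JSON Patch a mutating webhook would return for a pod. The name `defaultAPE`, the restriction to `containers` and `initContainers`, and the choice to skip privileged containers are assumptions of this sketch.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Pointer fields distinguish unset (nil) from an explicit false.
type securityContext struct{ AllowPrivilegeEscalation, Privileged *bool }
type container struct{ SecurityContext *securityContext }
type patchOp struct {
	Op    string      `json:"op"`
	Path  string      `json:"path"`
	Value interface{} `json:"value"`
}

// defaultAPE (hypothetical name) returns JSON Patch ops that set the field to def where it is nil.
func defaultAPE(rawPod []byte, def bool) ([]patchOp, error) {
	var pod struct {
		Spec struct{ InitContainers, Containers []container }
	}
	if err := json.Unmarshal(rawPod, &pod); err != nil {
		return nil, err
	}
	var ops []patchOp
	visit := func(field string, cs []container) {
		for i, c := range cs {
			base := fmt.Sprintf("/spec/%s/%d/securityContext", field, i)
			switch sc := c.SecurityContext; {
			case sc == nil: // no securityContext at all: add the whole object
				ops = append(ops, patchOp{"add", base, map[string]bool{"allowPrivilegeEscalation": def}})
			case sc.AllowPrivilegeEscalation != nil: // set explicitly by the author: leave alone
			case !def && sc.Privileged != nil && *sc.Privileged:
				// skip: the API server rejects privileged=true with allowPrivilegeEscalation=false
			default:
				ops = append(ops, patchOp{"add", base + "/allowPrivilegeEscalation", def})
			}
		}
	}
	visit("initContainers", pod.Spec.InitContainers)
	visit("containers", pod.Spec.Containers)
	return ops, nil
}

func main() {
	// Constructed sample pod: container 0 unset, 1 explicit true, 2 privileged.
	ops, _ := defaultAPE([]byte(`{"spec":{"containers":[{},{"securityContext":{"allowPrivilegeEscalation":true}},{"securityContext":{"privileged":true}}]}}`), false)
	fmt.Printf("%+v\n", ops)
}
```

With a default of `false`, only the first container in the sample is patched; the explicit `true` and the privileged container are left as submitted.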
TODO:
- find a better way to test Fiber handlers
- tests for config and health packages
- webhook should self-manage CA bundle
- Github Actions with test and coverage badges
- improve makefile
- release CI upon tagging
- publish container image
- flesh out deploy yaml, add Kustomize support
- provide install instructions
- docs showing behavior
- refactor make target `kubectl-install-build` to run in container
- investigate supporting versions `v1` and `v1beta1` of the `AdmissionReview` API
- bump `Certificate` included in deployment to api version `v1`

- Kubernetes version: >= v1.16
- RBAC permissions for the install: ClusterRole cluster-admin
- Installed on cluster: cert-manager

With kustomize:

```yaml
# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- github.com/marshallford/default-allow-privilege-escalation/deploy?ref=vX.Y.Z
```

Manually with kubectl:

```shell
kubectl apply -f https://github.com/marshallford/default-allow-privilege-escalation/releases/latest/download/kubectl-install.yaml
```

Example config.yaml:

```yaml
logging:
  level: info
server:
  tls:
    enabled: true
app:
  default: false # default behavior for nil allowPrivilegeEscalation
```

```shell
make lint
make test
make coverage

make build
make docker-build # builds container image

make run
make docker-run # runs container image
```