feat(scorecard): add psa labels for scorecard namespace #621
Related to #450
Description of the change:
Label namespace to `warn` and `audit` violations to restricted standards. This is similar to SCC on OpenShift 4.11 or 4.12 (if I remember correctly).
Ideally, we would want to set enforcing mode but there is an issue with the bundle pod (i.e. `runAsNonRoot` is not `true`) - See below.
Motivation for the change:
Scorecard pods are run with security contexts conforming to restricted standards.
cryostat-operator/Makefile, line 141 in 5c3769f
However, scorecard namespace is not labelled to enforce such restricted policy.
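The difference between the `warn`/`audit` labels and enforcing mode, as an added example that is not part of the pull request or the cryostat-operator code: a simplified model of Pod Security Admission that checks only a subset of the restricted standard. The pod specs, container names and helper names are constructed for illustration; the label keys are the standard `pod-security.kubernetes.io/` ones.

```python
# Added illustration: simplified model of Pod Security Admission (PSA) modes.
# Only a subset of the "restricted" checks is modelled; all inputs are constructed.
PSA_PREFIX = "pod-security.kubernetes.io/"

def restricted_violations(pod_spec):
    """Return violations of a subset of the restricted standard."""
    found = []
    pod_sc = pod_spec.get("securityContext", {})
    for c in pod_spec.get("containers", []):
        sc, name = c.get("securityContext", {}), c["name"]
        # A container-level value overrides the pod-level one.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            found.append(f"{name}: runAsNonRoot != true")
        if sc.get("allowPrivilegeEscalation") is not False:
            found.append(f"{name}: allowPrivilegeEscalation != false")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            found.append(f"{name}: capabilities.drop lacks ALL")
        profile = sc.get("seccompProfile", pod_sc.get("seccompProfile", {}))
        if profile.get("type") not in ("RuntimeDefault", "Localhost"):
            found.append(f"{name}: seccompProfile not set")
    return found

def admit(namespace_labels, pod_spec):
    """Model the outcome of each PSA mode that is set to 'restricted'."""
    violations = restricted_violations(pod_spec)
    modes = [m for m in ("enforce", "warn", "audit")
             if namespace_labels.get(PSA_PREFIX + m) == "restricted"]
    hit = bool(violations)
    return {
        "allowed": not (hit and "enforce" in modes),  # only enforce rejects
        "warned": hit and "warn" in modes,            # warning shown to the client
        "audited": hit and "audit" in modes,          # audit annotation recorded
        "violations": violations,
    }

def sample_pod(name, run_as_non_root):
    """Constructed pod spec, compliant except optionally for runAsNonRoot."""
    pod_sc = {"seccompProfile": {"type": "RuntimeDefault"}}
    if run_as_non_root:
        pod_sc["runAsNonRoot"] = True
    container_sc = {"allowPrivilegeEscalation": False,
                    "capabilities": {"drop": ["ALL"]}}
    return {"securityContext": pod_sc,
            "containers": [{"name": name, "securityContext": container_sc}]}

WARN_AUDIT_NS = {PSA_PREFIX + "warn": "restricted", PSA_PREFIX + "audit": "restricted"}
ENFORCE_NS = {PSA_PREFIX + "enforce": "restricted"}
HARDENED = sample_pod("scorecard-test", run_as_non_root=True)
BUNDLE_LIKE = sample_pod("bundle", run_as_non_root=False)  # runAsNonRoot unset
```

With the warn and audit labels the pod lacking `runAsNonRoot` is still admitted and the violation is surfaced; the same pod is rejected once the namespace carries the enforce label.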