Skip to content

masters-of-cats/security-operator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
build
build
 
 
cmd/manager
cmd/manager
 
 
deploy
deploy
 
 
pkg
pkg
 
 
version
version
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
frig-replica-set-security.yml
frig-replica-set-security.yml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
tools.go
tools.go
 
 

Repository files navigation

This is a K8S operator that automatically binds a subject to a pod security policy via a PodSecurityPolicyBinding custom resource

How to use it

  1. Setup a dedicated operator namespace and configure the operator into it:
kubectl -n operator apply -f deploy/setup-operator.yaml
  1. Create the "deployer" namespace and setup the deployer service account (in our example the namespace is called foo)
kubectl -n foo apply -f deploy/deployer_service_account.yaml
  1. Create the PodSecurityPolicyBinding custom resource into the operator namespace (so that the operator configures the deployer user with the pod security policy)
kubectl -n operator apply -f deploy/crds/map_deployer_to_podsecurity_cr.yaml
  1. Create a pod as deployer
kubectl -n foo --as system:serviceaccount:foo:deployer apply -f deploy/pod.yml
  1. Success The pod has both seccomp and apparomour profiles enabled

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages