Feature 10948: Set pod security label to helm EE namespaces

author Gabriel Cuba <gcuba@whitestack.com>

Wed, 17 May 2023 06:32:50 +0000 (01:32 -0500)

committer garciadeblas <gerardo.garciadeblas@telefonica.com>

Tue, 30 May 2023 15:34:08 +0000 (17:34 +0200)
author Gabriel Cuba <gcuba@whitestack.com>
Wed, 17 May 2023 06:32:50 +0000 (01:32 -0500)
committer garciadeblas <gerardo.garciadeblas@telefonica.com>
Tue, 30 May 2023 15:34:08 +0000 (17:34 +0200)
diff --git a/osm_lcm/data_utils/lcm_config.py b/osm_lcm/data_utils/lcm_config.py

index 711d76a..4384021 100644 (file)
--- a/osm_lcm/data_utils/lcm_config.py
+++ b/osm_lcm/data_utils/lcm_config.py
@@ -122,6 +122,7 @@ class VcaConfig(OsmConfigman):
      eegrpcinittimeout: int = None
      eegrpctimeout: int = None
      eegrpc_tls_enforce: bool = False
+    eegrpc_pod_admission_policy: str = "baseline"
      loglevel: str = "DEBUG"
      logfile: str = None
      ca_store: str = "/etc/ssl/certs/osm-ca.crt"
diff --git a/osm_lcm/lcm_helm_conn.py b/osm_lcm/lcm_helm_conn.py

index 30eba46..d7db639 100644 (file)
--- a/osm_lcm/lcm_helm_conn.py
+++ b/osm_lcm/lcm_helm_conn.py
@@ -432,6 +432,9 @@ class LCMHelmConn(N2VCConnector, LcmBase):
          await self._k8sclusterhelm3.create_namespace(
              namespace=name,
              cluster_uuid=system_cluster_uuid,
+            labels={
+                "pod-security.kubernetes.io/enforce": self.vca_config.eegrpc_pod_admission_policy
+            },
          )
          await self._k8sclusterhelm3.setup_default_rbac(
              name="ee-role",
author	Gabriel Cuba <gcuba@whitestack.com>
	Wed, 17 May 2023 06:32:50 +0000 (01:32 -0500)
committer	garciadeblas <gerardo.garciadeblas@telefonica.com>
	Tue, 30 May 2023 15:34:08 +0000 (17:34 +0200)
osm_lcm/data_utils/lcm_config.py		patch \| blob \| history
osm_lcm/lcm_helm_conn.py		patch \| blob \| history