From f4d8592d3fba1675e1a492b886831b6fb8a20f16 Mon Sep 17 00:00:00 2001 From: biswajit-9776 <115724497+biswajit-9776@users.noreply.github.com> Date: Mon, 1 Jul 2024 22:55:43 +0530 Subject: [PATCH] Patch further static namespaces with PSS labels (#2768) * Patched other namespaces in common with PSS labels Signed-off-by: biswajit-9776 * Patched dex and oauth2-proxy namespace with PSS labels Signed-off-by: biswajit-9776 --------- Signed-off-by: biswajit-9776 Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> --- contrib/security/PSS/static/baseline/kustomization.yaml | 3 +++ .../PSS/static/baseline/patches/cert-manager-labels.yaml | 6 ++++++ .../security/PSS/static/baseline/patches/dex-labels.yaml | 6 ++++++ .../PSS/static/baseline/patches/oauth2-proxy-labels.yaml | 6 ++++++ contrib/security/PSS/static/restricted/kustomization.yaml | 5 ++++- .../PSS/static/restricted/patches/cert-manager-labels.yaml | 6 ++++++ .../security/PSS/static/restricted/patches/dex-labels.yaml | 6 ++++++ .../PSS/static/restricted/patches/oauth2-proxy-labels.yaml | 6 ++++++ 8 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 contrib/security/PSS/static/baseline/patches/cert-manager-labels.yaml create mode 100644 contrib/security/PSS/static/baseline/patches/dex-labels.yaml create mode 100644 contrib/security/PSS/static/baseline/patches/oauth2-proxy-labels.yaml create mode 100644 contrib/security/PSS/static/restricted/patches/cert-manager-labels.yaml create mode 100644 contrib/security/PSS/static/restricted/patches/dex-labels.yaml create mode 100644 contrib/security/PSS/static/restricted/patches/oauth2-proxy-labels.yaml
diff --git a/contrib/security/PSS/static/baseline/kustomization.yaml b/contrib/security/PSS/static/baseline/kustomization.yaml
index 0b0db4660a..3eea89f2c3 100644
--- a/contrib/security/PSS/static/baseline/kustomization.yaml
+++ b/contrib/security/PSS/static/baseline/kustomization.yaml
@@ -4,3 +4,6 @@ kind: Component
 patches:
 - path: patches/kubeflow-labels.yaml
 - path: patches/istio-labels.yaml
+- path: patches/cert-manager-labels.yaml
+- path: patches/dex-labels.yaml
+- path: patches/oauth2-proxy-labels.yaml
diff --git a/contrib/security/PSS/static/baseline/patches/cert-manager-labels.yaml b/contrib/security/PSS/static/baseline/patches/cert-manager-labels.yaml
new file mode 100644
index 0000000000..7ca928a1a1
--- /dev/null
+++ b/contrib/security/PSS/static/baseline/patches/cert-manager-labels.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
+ labels:
+ pod-security.kubernetes.io/enforce: baseline
\ No newline at end of file
diff --git a/contrib/security/PSS/static/baseline/patches/dex-labels.yaml b/contrib/security/PSS/static/baseline/patches/dex-labels.yaml
new file mode 100644
index 0000000000..2498c1396a
--- /dev/null
+++ b/contrib/security/PSS/static/baseline/patches/dex-labels.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: auth
+ labels:
+ pod-security.kubernetes.io/enforce: baseline
\ No newline at end of file
diff --git a/contrib/security/PSS/static/baseline/patches/oauth2-proxy-labels.yaml b/contrib/security/PSS/static/baseline/patches/oauth2-proxy-labels.yaml
new file mode 100644
index 0000000000..62cf0377e2
--- /dev/null
+++ b/contrib/security/PSS/static/baseline/patches/oauth2-proxy-labels.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: oauth2-proxy
+ labels:
+ pod-security.kubernetes.io/enforce: baseline
\ No newline at end of file
diff --git a/contrib/security/PSS/static/restricted/kustomization.yaml b/contrib/security/PSS/static/restricted/kustomization.yaml
index bc566efe95..ec133f809c 100644
--- a/contrib/security/PSS/static/restricted/kustomization.yaml
+++ b/contrib/security/PSS/static/restricted/kustomization.yaml
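Review bot: The three path-only entries added under `patches:` in baseline/kustomization.yaml tie this component to deployments that contain Namespaces named cert-manager, auth and oauth2-proxy, since none of them carries a `target` selector. As far as I know kustomize aborts the build when such a patch matches no resource, so an overlay that omits dex or oauth2-proxy could no longer include the component; the same three lines are added in restricted/kustomization.yaml. The head of the file lies outside the hunk, so I cannot see whether this is already documented; I would add a comment above the list such as `# every patch below requires its Namespace (cert-manager, auth, oauth2-proxy) to be part of the build`, or move the two auth-related patches into a separate component.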
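Review bot: cert-manager-labels.yaml sets only `pod-security.kubernetes.io/enforce` and no `pod-security.kubernetes.io/enforce-version`, so the policy version defaults to `latest` and the set of rejected pods can shift on a cluster upgrade. The other five label files added in this commit (dex-labels.yaml and oauth2-proxy-labels.yaml under baseline, and all three under restricted) have the same shape. I would pin the version under `labels:` with `pod-security.kubernetes.io/enforce-version: v<MAJOR.MINOR>` (placeholder for the Kubernetes minor the manifests are tested against) and add `pod-security.kubernetes.io/warn` and `pod-security.kubernetes.io/audit` at the same level, so that a non-compliant Deployment produces a warning and an audit annotation rather than only pods that silently fail to be created.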
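Review bot: dex-labels.yaml patches the Namespace `auth`, not one named after Dex, and the file gives no hint why; presumably Dex is deployed there, but a reader matching file names to namespaces will stumble. I would add a comment above `metadata:` such as `# Dex runs in the "auth" namespace; the label applies to every pod in it`, and the same in restricted/patches/dex-labels.yaml. The second half of that comment matters because the enforce level then also governs any other workload placed in `auth`.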
@@ -3,4 +3,7 @@ kind: Component
 patches:
 - path: patches/kubeflow-labels.yaml
-- path: patches/istio-labels.yaml
\ No newline at end of file
+- path: patches/istio-labels.yaml
+- path: patches/cert-manager-labels.yaml
+- path: patches/dex-labels.yaml
+- path: patches/oauth2-proxy-labels.yaml
\ No newline at end of file
diff --git a/contrib/security/PSS/static/restricted/patches/cert-manager-labels.yaml b/contrib/security/PSS/static/restricted/patches/cert-manager-labels.yaml
new file mode 100644
index 0000000000..0f4608ccab
--- /dev/null
+++ b/contrib/security/PSS/static/restricted/patches/cert-manager-labels.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
+ labels:
+ pod-security.kubernetes.io/enforce: restricted
\ No newline at end of file
diff --git a/contrib/security/PSS/static/restricted/patches/dex-labels.yaml b/contrib/security/PSS/static/restricted/patches/dex-labels.yaml
new file mode 100644
index 0000000000..01e6efcc92
--- /dev/null
+++ b/contrib/security/PSS/static/restricted/patches/dex-labels.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: auth
+ labels:
+ pod-security.kubernetes.io/enforce: restricted
\ No newline at end of file
diff --git a/contrib/security/PSS/static/restricted/patches/oauth2-proxy-labels.yaml b/contrib/security/PSS/static/restricted/patches/oauth2-proxy-labels.yaml
new file mode 100644
index 0000000000..99b0289ed8
--- /dev/null
+++ b/contrib/security/PSS/static/restricted/patches/oauth2-proxy-labels.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: oauth2-proxy
+ labels:
+ pod-security.kubernetes.io/enforce: restricted
\ No newline at end of file
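Review bot: `enforce: restricted` in restricted/patches/cert-manager-labels.yaml, and on `auth` and `oauth2-proxy` in the two files after it, makes admission reject every new pod in those namespaces that does not set `runAsNonRoot`, a `RuntimeDefault` or `Localhost` seccomp profile, `allowPrivilegeEscalation: false` and dropped capabilities. Pods that are already running are not evicted, so a non-compliant workload would only fail at its next restart or rollout, and for dex and oauth2-proxy that takes logins down with it. The diff does not show the securityContext of these workloads, so I cannot tell whether they comply. I would state in the commit or in a comment in each file that this was checked, for example with `kubectl label --dry-run=server --overwrite ns <namespace> pod-security.kubernetes.io/enforce=restricted`, which reports existing pods that would violate the level.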