PodSecurityPolicy does not work correctly with kube-controller-manager connecting via insecure port
Bug #1841965 reported by
George Kraft
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Kubernetes Control Plane Charm |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
From https:/
> At this moment controller managers services are talking to API server on the insecured port. (i.e:: auth and authz bypassed) PodSecurityPolicy need controller-manager service running, authentificated with it's own credential. Otherwise all PodSecurityPolicy objects would be allowed for each Pod created by controller-manager (ReplicaSet, Deployment...)
Changed in charm-kubernetes-master: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Fixed by https:/ /github. com/charmed- kubernetes/ charm-kubernete s-master/ pull/46
Thanks to pierrop for the contribution!