Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PodSecurityPolicy is a cluster-wide resource and should not have a namespace field #2234

Closed
iakat opened this issue Jun 17, 2020 · 2 comments · Fixed by #2241
Closed

PodSecurityPolicy is a cluster-wide resource and should not have a namespace field #2234

iakat opened this issue Jun 17, 2020 · 2 comments · Fixed by #2241
Labels
component/packaging good first issue These are great first issues. If you are looking for a place to start, start here! help wanted We would love help on these issues. Please come help us! keepalive An issue or PR that will be kept alive and never marked as stale.

Comments

@iakat
Copy link

iakat commented Jun 17, 2020

From https://kubernetes.io/docs/concepts/policy/pod-security-policy/:

A Pod Security Policy is a cluster-level resource that controls security sensitive aspects of the pod specification.

Examples as to where it's set:

loki/production/helm/loki/templates/podsecuritypolicy.yaml

Line 6 in e2a7941

namespace: {{ .Release.Namespace }}

This is an issue when using the manifests through other tools such as Terraform where they hit different API endpoints when a resource is expected to be cluster-wide or namespace-wide, thus resulting in errors until manually fixing the manifests.
@iakat
Copy link
Author

iakat commented Jun 17, 2020

ClusterRole in promtail is also an offender

loki/production/helm/promtail/templates/clusterrole.yaml

Line 11 in e2a7941

namespace: {{ .Release.Namespace }}

iakat pushed a commit to Day2Tech/infra that referenced this issue Jun 17, 2020
loki-stack: Remove namespaces from cluster-wide resources
544c2fa 
Tracked in grafana/loki#2234
@cyriltovena cyriltovena added component/packaging good first issue These are great first issues. If you are looking for a place to start, start here! help wanted We would love help on these issues. Please come help us! keepalive An issue or PR that will be kept alive and never marked as stale. labels Jun 19, 2020
@cyriltovena
Copy link
Contributor

Thanks for reporting! If you want to contribute that’s an easy one ;)

@iakat iakat mentioned this issue Jun 19, 2020
Merged
cyriltovena pushed a commit that referenced this issue Jun 22, 2020
Kubernetes manifests: Remove namespace from cluster-wide resources (#…
d5eb3e4 
…2241)

Fixes #2234
torstenwalter pushed a commit to torstenwalter/grafana-helm-charts that referenced this issue Oct 3, 2020
Kubernetes manifests: Remove namespace from cluster-wide resources (g…
22480f4 
…rafana#2241)

Fixes grafana/loki#2234
mraboosk pushed a commit to mraboosk/loki that referenced this issue Oct 7, 2024
Kubernetes manifests: Remove namespace from cluster-wide resources (g…
a5db285 
…rafana#2241)

Fixes grafana#2234
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component/packaging good first issue These are great first issues. If you are looking for a place to start, start here! help wanted We would love help on these issues. Please come help us! keepalive An issue or PR that will be kept alive and never marked as stale.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Kubernetes manifests: Remove namespace from cluster-wide resources
2 participants
@cyriltovena @iakat