mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 19:56:01 +00:00
podsecurity: add an annotation informing about which policy was enforced
This commit is contained in:
parent
65f88c675c
commit
037daeb4fd
@ -432,6 +432,8 @@ func (a *Admission) EvaluatePod(ctx context.Context, nsPolicy api.Policy, nsPoli
|
||||
|
||||
response := allowedResponse()
|
||||
if enforce {
|
||||
auditAnnotations[api.EnforcedPolicyAnnotationKey] = nsPolicy.Enforce.String()
|
||||
|
||||
if result := policy.AggregateCheckResults(a.Evaluator.EvaluatePod(nsPolicy.Enforce, podMetadata, podSpec)); !result.Allowed {
|
||||
response = forbiddenResponse(fmt.Sprintf(
|
||||
"pod violates PodSecurity %q: %s",
|
||||
|
@ -45,5 +45,6 @@ const (
|
||||
WarnVersionLabel = labelPrefix + "warn-version"
|
||||
|
||||
ExemptionReasonAnnotationKey = "exempt"
|
||||
AuditViolationsAnnotationKey = "audit-violations"
|
||||
AuditViolationsAnnotationKey = "audit-violations"
|
||||
EnforcedPolicyAnnotationKey = "enforce-policy"
|
||||
)
|
||||
|
Loading…
Reference in New Issue
Block a user