b5eadb5d6b
Automatic merge from submit-queue (batch tested with PRs 46489, 46281, 46463, 46114, 43946) Allow PSP's to specify a whitelist of allowed paths for host volume **What this PR does / why we need it**: This PR adds the ability to whitelist paths for the host volume to ensure pods cannot access directories they aren't supposed to. E.g. `/var/lib/kubelet`, `/etc/kubernetes/*`, etc. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #29326 **Special notes for your reviewer**: **Release note**: ```release-note Allow PSP's to specify a whitelist of allowed paths for host volume based on path prefixes ```
Kubernetes Documentation: releases.k8s.io/HEAD
-
The User's guide is for anyone who wants to run programs and services on an existing Kubernetes cluster.
-
The Cluster Admin's guide is for anyone setting up a Kubernetes cluster or administering it.
-
The Developer guide is for anyone wanting to write programs that access the Kubernetes API, write plugins or extensions, or modify the core code of Kubernetes.
-
The Kubectl Command Line Interface is a detailed reference on the
kubectlCLI. -
The API object documentation is a detailed description of all fields found in core API objects.
-
An overview of the Design of Kubernetes
-
There are example files and walkthroughs in the examples folder.
-
If something went wrong, see the troubleshooting guide for how to debug. You should also check the known issues for the release you're using.
-
To report a security issue, see Reporting a Security Issue.