github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
b81a192a84b3d23e70fff00da889dc642fa38c27
kubernetes/staging
History
Kubernetes Submit Queue f73101066a Merge pull request #58647 from oracle/for/upstream/master/hostpath-psp-readonly 
Automatic merge from submit-queue (batch tested with PRs 64344, 64709, 64717, 63631, 58647). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add support for enforcing read only host paths in PSPs. 

**What this PR does / why we need it**:

This PR adds support for the PSP to enforce that host paths are readonly. 

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #57371
xref https://github.com/kubernetes/features/issues/5

**Special notes for your reviewer**:

**Release note**:

```release-note
PodSecurityPolicy now supports restricting hostPath volume mounts to be readOnly and under specific path prefixes
```

/cc @ericchiang @liggitt
2018-06-05 02:16:21 -07:00
..
src/k8s.io
Merge pull request #58647 from oracle/for/upstream/master/hostpath-psp-readonly
2018-06-05 02:16:21 -07:00
BUILD
Run hack/update-all.sh
2018-05-24 09:55:33 -07:00
OWNERS
README.md
Add link to k8s.io/sample-controller
2017-10-19 15:46:36 +01:00

README.md

External Repository Staging Area

This directory is the staging area for packages that have been split to their own repository. The content here will be periodically published to respective top-level k8s.io repositories.

Repositories currently staged here:

The code in the staging/ directory is authoritative, i.e. the only copy of the code. You can directly modify such code.

Using staged repositories from Kubernetes code

Kubernetes code uses the repositories in this directory via symlinks in the vendor/k8s.io directory into this staging area. For example, when Kubernetes code imports a package from the k8s.io/client-go repository, that import is resolved to staging/src/k8s.io/client-go relative to the project root:

// pkg/example/some_code.go
package example

import (
  "k8s.io/client-go/dynamic" // resolves to staging/src/k8s.io/client-go/dynamic
)

Once the change-over to external repositories is complete, these repositories will actually be vendored from k8s.io/<package-name>.