mirror of
https://github.com/holos-run/holos.git
synced 2026-03-20 01:04:59 +00:00
6b156e9883
This patch adds the `pod-security.kubernetes.io/enforce: privileged` label to the ceph-system namespace. The Namespace resources are managed all over the map, it would be a good idea to consolidate the PlatformNamespaces data into one well known place for the entire platform. Eschewing for now.
18 lines
581 B
CUE
18 lines
581 B
CUE
package holos
|
|
|
|
// #PlatformNamespaces is the union of all namespaces across all cluster types. Namespaces are created in all clusters regardless of if they're
|
|
// used within the cluster or not. The is important for security and consistency with IAM, RBAC, and Secrets sync between clusters.
|
|
#PlatformNamespaces: [
|
|
{name: "external-secrets"},
|
|
{name: "holos-system"},
|
|
{name: "flux-system"},
|
|
{
|
|
name: "ceph-system"
|
|
labels: "pod-security.kubernetes.io/enforce": "privileged"
|
|
},
|
|
{name: "istio-system"},
|
|
{name: "istio-ingress"},
|
|
{name: "cert-manager"},
|
|
{name: "argocd"},
|
|
]
|