Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[global] Exclusion from PSS checks based on labels #15585

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

[global] Exclusion from PSS checks based on labels #15585

wants to merge 2 commits into from

Conversation

@Suselz
Copy link
Member

@Suselz Suselz commented Sep 23, 2025

Description

Currently, all namespace deckhouses are excluded from admission-policy-engine checks.
This is because there is no convenient tool for setting specific exceptions to checks for specific services. In this PR, I'm adding these mechanisms as lib_helm library and also demonstrating how to use these new features using a single node-exporter service.

Why do we need it, and what problem does it solve?

Security improvements

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: admission-policy-engine
type: feature 
summary: security improvements  #CHANGE ME
impact_level: default

@Suselz Suselz added this to the v1.75.0 milestone Sep 23, 2025
@Suselz Suselz self-assigned this Sep 23, 2025
@Suselz Suselz added the area/security Pull requests that update security modules label Sep 23, 2025
@github-actions github-actions bot added area/monitoring Pull requests that update monitoring modules area/core Pull requests that update core modules labels Sep 23, 2025
@Suselz Suselz marked this pull request as draft September 23, 2025 13:49
@Suselz
fix
1de715e 
Signed-off-by: suselz <[email protected]>
@Suselz Suselz closed this Oct 24, 2025
@Suselz
Copy link
Member Author

Suselz commented Oct 24, 2025

The concept has changed. It is no longer required.
Transform to changes #16162

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@name212 name212 Awaiting requested review from name212 name212 is a code owner

@sprait sprait Awaiting requested review from sprait sprait is a code owner

@vladimirGuryanov vladimirGuryanov Awaiting requested review from vladimirGuryanov vladimirGuryanov is a code owner

@lazovskiy lazovskiy Awaiting requested review from lazovskiy lazovskiy is a code owner

@yalosev yalosev Awaiting requested review from yalosev yalosev is a code owner

@ldmonster ldmonster Awaiting requested review from ldmonster ldmonster is a code owner

Assignees

@Suselz Suselz

Labels

area/core Pull requests that update core modules area/monitoring Pull requests that update monitoring modules area/security Pull requests that update security modules

Projects

None yet

Milestone

v1.75.0

Development

Successfully merging this pull request may close these issues.

2 participants

@Suselz