cheshire
/
hscloud
forked from hswaw/hscloud
1
0
Fork 0
Code Pull Requests Activity
1,255 Commits
1 Branch
0 Tags
55 MiB
Commit Graph

4 Commits (master)

Author SHA1 Message Date
q3k 35d437883b kube/policies: implement mostlysecure 
This now allows to run apt and should allow to run most upstream docker
images. In return, we prohibit some mildly sketchy stuff. But this is
safe enough for project namespaces with limited administrative access.

We should still get gvisor sooner than later...

Change-Id: Ida5ccfae440bacb6f3fd55dcc34ca0addfddd5ae
 2020-08-23 11:32:44 +00:00
q3k e3432ee775 kube/policies: implement mostlysecure 
Change-Id: I0f5dc29f9fc3ad534ddda766a79bb18e64757a6c
 2020-05-11 20:17:11 +02:00
q3k c33ebcc79f cluster: add ceph-waw3, move metallb to bgp 
Change-Id: Iebf369f9a02e44be163ef4afc2e0f23c4b009898
 2019-11-01 18:43:45 +01:00
q3k b13b7ffcdb prod{access,vider}: implement 
Prodaccess/Prodvider allow issuing short-lived certificates for all SSO
users to access the kubernetes cluster.

Currently, all users get a personal-$username namespace in which they
have adminitrative rights. Otherwise, they get no access.

In addition, we define a static CRB to allow some admins access to
everything. In the future, this will be more granular.

We also update relevant documentation.

Change-Id: Ia18594eea8a9e5efbb3e9a25a04a28bbd6a42153
 2019-08-30 23:08:18 +02:00