Enhance security by leveraging PodSecurityPolicies
PodSecurityPolicies are a way to enhance security in a k8s cluster.
Currently the Kubernetes Operator and the Helm Chart do not offer a way to integrate PSPs. If an administrator wants to enforce PSPs for the cluster where the MongoDB Kubernetes Operator is deployed, they would need to do this manually, which leads to additional manual steps (e.g. editing the Operator role to allow "use" on "psp").
Please introduce a way to secure the MongoDB Management (Ops Manager, Operator) and Workload (MongoDB custom resources) with PSPs in the Kubernetes Operator / Helm ecosystem.
-
AdminAndrey (Admin, MongoDB) commented
The operator now exposes StsTemplates for each pod type we create, which can not support adding PSP required parameters like runAsUser, allowHostIPC, etc.
This is now supported.
-
AdminAndrey (Admin, MongoDB) commented
The operator can now expose stateful set template for all the pods it manages.
So it's possible now to add the parameters to our Pods that are required by a PSP.
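As an added illustration, not taken from the request above, the admin replies or MongoDB's own documentation, here are the three pieces an administrator assembles when enforcing a PodSecurityPolicy on operator-managed pods: a restrictive PSP, the RBAC "use" grant the request mentions, and a StatefulSet template override on the custom resource that sets the pod securityContext the PSP demands (runAsUser and friends). The namespace `mongodb`, the ServiceAccount name `mongodb-enterprise-database-pods`, the resource names and the override field path `spec.statefulSet.spec.template.spec.securityContext` are assumptions for this example. PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25, so on current clusters the same intent is expressed with Pod Security Admission; the example targets the API this thread discusses.

```yaml
# Assumed names: namespace "mongodb", pod ServiceAccount "mongodb-enterprise-database-pods".
# 1. A restrictive PSP: no privilege escalation, no host namespaces, non-root only.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: mongodb-restricted
spec:
  privileged: false
  allowPrivilegeEscalation: false
  hostIPC: false
  hostNetwork: false
  hostPID: false
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  fsGroup:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  volumes:
    - configMap
    - secret
    - emptyDir
    - persistentVolumeClaim
---
# 2. PSP admission checks the identity the pod is created with; for pods created by
#    the StatefulSet controller that is the pod's ServiceAccount, so grant it "use".
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: mongodb-restricted-psp-user
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    verbs: ["use"]
    resourceNames: ["mongodb-restricted"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: mongodb-restricted-psp-user
  namespace: mongodb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: mongodb-restricted-psp-user
subjects:
  - kind: ServiceAccount
    name: mongodb-enterprise-database-pods   # assumed name of the pod ServiceAccount
    namespace: mongodb
---
# 3. StatefulSet template override on the custom resource so the generated pods
#    satisfy the PSP (field path and the project/credentials names are assumptions).
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-replica-set
  namespace: mongodb
spec:
  type: ReplicaSet
  members: 3
  version: 4.4.0                  # constructed sample version
  opsManager:
    configMapRef:
      name: my-project            # assumed project ConfigMap
  credentials: my-credentials     # assumed credentials Secret
  statefulSet:
    spec:
      template:
        spec:
          securityContext:
            runAsNonRoot: true
            runAsUser: 2000
            fsGroup: 2000
```

Before rolling the PSP out, confirm the grant actually reaches the pod identity with `kubectl auth can-i use podsecuritypolicy/mongodb-restricted --as=system:serviceaccount:mongodb:mongodb-enterprise-database-pods`; if that returns `no`, the StatefulSet will sit at zero ready replicas with a "unable to validate against any pod security policy" event on the pod creation attempts, which is the symptom to look for when PSP enforcement silently blocks operator-managed workloads.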