chore: Prepare 1.24.x release with privileged labels

This patch prepares the switch to Kubernetes 1.24.x which switches to PSS instead of PSP. Therefore it's a good start to prepare our most important namespaces with the relevant labels to allow Pods to use privileged runtime features. References: https://kubernetes.io/docs/concepts/security/pod-security-standards/ https://v1-23.docs.kubernetes.io/docs/concepts/security/pod-security-policy/ https://v1-23.docs.kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/

chore: Prepare 1.24.x release with privileged labels
09b6dbe2 · Sheogorath · 4e635d45 · 09b6dbe2 · 09b6dbe2 · 09b6dbe2
Verified Commit 09b6dbe2 authored 2 years ago by Sheogorath
--- a/bootstrap/calico/namespace.yaml
+++ b/bootstrap/calico/namespace.yaml
@@ -3,4 +3,7 @@ kind: Namespace
 metadata:
  name: tigera-operator
  labels:
-    kyverno.shivering-isles.com/class: "system" 
+    kyverno.shivering-isles.com/class: "system"
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/warn: privileged
--- a/infrastructure/longhorn/namespace.yaml
+++ b/infrastructure/longhorn/namespace.yaml
@@ -6,3 +6,6 @@ metadata:
    name: longhorn-system
    kyverno.shivering-isles.com/class: "system"
    kustomize.toolkit.fluxcd.io/prune: disabled
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/warn: privileged
--- a/infrastructure/metallb/namespace.yaml
+++ b/infrastructure/metallb/namespace.yaml
@@ -4,4 +4,7 @@ metadata:
  name: metallb-system
  labels:
    name: metallb-system
-    kyverno.shivering-isles.com/class: "system" 
+    kyverno.shivering-isles.com/class: "system"
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/warn: privileged
--- a/infrastructure/monitoring/namespace.yaml
+++ b/infrastructure/monitoring/namespace.yaml
@@ -6,3 +6,6 @@ metadata:
    name: monitoring-system
    kyverno.shivering-isles.com/class: "system"
    monitoring.shivering-isles.com/network-access-required: "true"
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/warn: privileged
--- a/infrastructure/node-features/namespace.yaml
+++ b/infrastructure/node-features/namespace.yaml
@@ -5,3 +5,6 @@ metadata:
  labels:
    name: node-features-system
    kyverno.shivering-isles.com/class: "system"
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/warn: privileged