)]}'
{"podsecuritypolicy/templates/podsecuritypolicy.yaml":[{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"3ef91724b63077a0389791d50e051397acced47e","unresolved":false,"context_lines":[{"line_number":87,"context_line":"     for the sake of chart upgrades.  The roleRef for a binding is immutable,"},{"line_number":88,"context_line":"     so if the the defaultRole changes, we need a different binding to"},{"line_number":89,"context_line":"     reflect that. This issue was only sporadic! */}}"},{"line_number":90,"context_line":"  name: psp-binding-for-{{- ($rbacSubject | split \":\" )._0 -}}-{{- ( $rbacSubject | split \":\" )._1 }}-{{- $rbacRole }}"},{"line_number":91,"context_line":"  labels:"},{"line_number":92,"context_line":"{{ tuple $envAll \"podsecuritypolicy\" \"policy\" | include \"helm-toolkit.snippets.kubernetes_metadata_labels\" | indent 4 }}"},{"line_number":93,"context_line":"roleRef:"}],"source_content_type":"text/x-yaml","patch_set":27,"id":"ff570b3c_51068822","line":90,"range":{"start_line":90,"start_character":28,"end_line":90,"end_character":98},"updated":"2020-05-22 18:24:37.000000000","message":"small suggestion, could just use replace \":\" \"-\", or grab as $name and $namespace as variables and then re-use later.","commit_id":"5d9ef2ae9dadececc73a24bd7d23c956ced12c13"},{"author":{"_account_id":28664,"name":"Ahmad Mahmoudi","email":"ahmad.mahmoudi@att.com","username":"ahmad"},"change_message_id":"b8588901beba4afac84b5cd5f1269747c2994c6c","unresolved":false,"context_lines":[{"line_number":87,"context_line":"     for the sake of chart upgrades.  The roleRef for a binding is immutable,"},{"line_number":88,"context_line":"     so if the the defaultRole changes, we need a different binding to"},{"line_number":89,"context_line":"     reflect that. This issue was only sporadic! */}}"},{"line_number":90,"context_line":"  name: psp-binding-for-{{- ($rbacSubject | split \":\" )._0 -}}-{{- ( $rbacSubject | split \":\" )._1 }}-{{- $rbacRole }}"},{"line_number":91,"context_line":"  labels:"},{"line_number":92,"context_line":"{{ tuple $envAll \"podsecuritypolicy\" \"policy\" | include \"helm-toolkit.snippets.kubernetes_metadata_labels\" | indent 4 }}"},{"line_number":93,"context_line":"roleRef:"}],"source_content_type":"text/x-yaml","patch_set":27,"id":"ff570b3c_da1d6874","line":90,"range":{"start_line":90,"start_character":28,"end_line":90,"end_character":98},"in_reply_to":"ff570b3c_51068822","updated":"2020-05-26 19:57:46.000000000","message":"Done","commit_id":"5d9ef2ae9dadececc73a24bd7d23c956ced12c13"}],"podsecuritypolicy/values.yaml":[{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"3ef91724b63077a0389791d50e051397acced47e","unresolved":false,"context_lines":[{"line_number":13,"context_line":"# limitations under the License."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"conf:"},{"line_number":16,"context_line":"  # This defines specific serviceaccounts, which required elevated rights"},{"line_number":17,"context_line":"  # beyond the policies defined in the defaults."},{"line_number":18,"context_line":"  serviceaccounts:"},{"line_number":19,"context_line":"    namespace-1:service-account-1: psp-all-permissive"},{"line_number":20,"context_line":"  # This defines creation of ClusterRoleBindings that configure"}],"source_content_type":"text/x-yaml","patch_set":27,"id":"ff570b3c_514e88c1","line":17,"range":{"start_line":16,"start_character":0,"end_line":17,"end_character":48},"updated":"2020-05-22 18:24:37.000000000","message":"Not sure if there is a better way to phrase this to clarify what this is doing, maybe something like \"Creates ClusterRoleBindings to allow existing service accounts to use the referenced PodSecurityPolicies\".","commit_id":"5d9ef2ae9dadececc73a24bd7d23c956ced12c13"},{"author":{"_account_id":28664,"name":"Ahmad Mahmoudi","email":"ahmad.mahmoudi@att.com","username":"ahmad"},"change_message_id":"b8588901beba4afac84b5cd5f1269747c2994c6c","unresolved":false,"context_lines":[{"line_number":13,"context_line":"# limitations under the License."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"conf:"},{"line_number":16,"context_line":"  # This defines specific serviceaccounts, which required elevated rights"},{"line_number":17,"context_line":"  # beyond the policies defined in the defaults."},{"line_number":18,"context_line":"  serviceaccounts:"},{"line_number":19,"context_line":"    namespace-1:service-account-1: psp-all-permissive"},{"line_number":20,"context_line":"  # This defines creation of ClusterRoleBindings that configure"}],"source_content_type":"text/x-yaml","patch_set":27,"id":"ff570b3c_70727b7e","line":17,"range":{"start_line":16,"start_character":0,"end_line":17,"end_character":48},"in_reply_to":"ff570b3c_514e88c1","updated":"2020-05-26 19:57:46.000000000","message":"Done","commit_id":"5d9ef2ae9dadececc73a24bd7d23c956ced12c13"},{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"3ef91724b63077a0389791d50e051397acced47e","unresolved":false,"context_lines":[{"line_number":15,"context_line":"conf:"},{"line_number":16,"context_line":"  # This defines specific serviceaccounts, which required elevated rights"},{"line_number":17,"context_line":"  # beyond the policies defined in the defaults."},{"line_number":18,"context_line":"  serviceaccounts:"},{"line_number":19,"context_line":"    namespace-1:service-account-1: psp-all-permissive"},{"line_number":20,"context_line":"  # This defines creation of ClusterRoleBindings that configure"},{"line_number":21,"context_line":"  # default PodSecurityPolicies for the subjects below."},{"line_number":22,"context_line":"  # `nil` avoids creation of a default binding for the subject."}],"source_content_type":"text/x-yaml","patch_set":27,"id":"ff570b3c_d181f8c5","line":19,"range":{"start_line":18,"start_character":0,"end_line":19,"end_character":53},"updated":"2020-05-22 18:24:37.000000000","message":"Maybe we should create values_overrides and have this more as an example, rather than making it a default value in the chart?","commit_id":"5d9ef2ae9dadececc73a24bd7d23c956ced12c13"},{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"3ef91724b63077a0389791d50e051397acced47e","unresolved":false,"context_lines":[{"line_number":16,"context_line":"  # This defines specific serviceaccounts, which required elevated rights"},{"line_number":17,"context_line":"  # beyond the policies defined in the defaults."},{"line_number":18,"context_line":"  serviceaccounts:"},{"line_number":19,"context_line":"    namespace-1:service-account-1: psp-all-permissive"},{"line_number":20,"context_line":"  # This defines creation of ClusterRoleBindings that configure"},{"line_number":21,"context_line":"  # default PodSecurityPolicies for the subjects below."},{"line_number":22,"context_line":"  # `nil` avoids creation of a default binding for the subject."}],"source_content_type":"text/x-yaml","patch_set":27,"id":"ff570b3c_b1ed648d","line":19,"range":{"start_line":19,"start_character":4,"end_line":19,"end_character":53},"updated":"2020-05-22 18:24:37.000000000","message":"With the schema defined like this, a ServiceAccount can only be granted access to use a single PodSecurityPolicy. Not sure if it is a problem, just something to consider.","commit_id":"5d9ef2ae9dadececc73a24bd7d23c956ced12c13"},{"author":{"_account_id":28664,"name":"Ahmad Mahmoudi","email":"ahmad.mahmoudi@att.com","username":"ahmad"},"change_message_id":"b8588901beba4afac84b5cd5f1269747c2994c6c","unresolved":false,"context_lines":[{"line_number":16,"context_line":"  # This defines specific serviceaccounts, which required elevated rights"},{"line_number":17,"context_line":"  # beyond the policies defined in the defaults."},{"line_number":18,"context_line":"  serviceaccounts:"},{"line_number":19,"context_line":"    namespace-1:service-account-1: psp-all-permissive"},{"line_number":20,"context_line":"  # This defines creation of ClusterRoleBindings that configure"},{"line_number":21,"context_line":"  # default PodSecurityPolicies for the subjects below."},{"line_number":22,"context_line":"  # `nil` avoids creation of a default binding for the subject."}],"source_content_type":"text/x-yaml","patch_set":27,"id":"ff570b3c_10133f0f","line":19,"range":{"start_line":19,"start_character":4,"end_line":19,"end_character":53},"in_reply_to":"ff570b3c_b1ed648d","updated":"2020-05-26 19:57:46.000000000","message":"Yea. That is the way this template is created from the beginning, to define psp and clusterroles with the same names. I didn\u0027t want to change that.","commit_id":"5d9ef2ae9dadececc73a24bd7d23c956ced12c13"},{"author":{"_account_id":28664,"name":"Ahmad Mahmoudi","email":"ahmad.mahmoudi@att.com","username":"ahmad"},"change_message_id":"b8588901beba4afac84b5cd5f1269747c2994c6c","unresolved":false,"context_lines":[{"line_number":15,"context_line":"conf:"},{"line_number":16,"context_line":"  # This defines specific serviceaccounts, which required elevated rights"},{"line_number":17,"context_line":"  # beyond the policies defined in the defaults."},{"line_number":18,"context_line":"  serviceaccounts:"},{"line_number":19,"context_line":"    namespace-1:service-account-1: psp-all-permissive"},{"line_number":20,"context_line":"  # This defines creation of ClusterRoleBindings that configure"},{"line_number":21,"context_line":"  # default PodSecurityPolicies for the subjects below."},{"line_number":22,"context_line":"  # `nil` avoids creation of a default binding for the subject."}],"source_content_type":"text/x-yaml","patch_set":27,"id":"ff570b3c_90690f8d","line":19,"range":{"start_line":18,"start_character":0,"end_line":19,"end_character":53},"in_reply_to":"ff570b3c_d181f8c5","updated":"2020-05-26 19:57:46.000000000","message":"Done","commit_id":"5d9ef2ae9dadececc73a24bd7d23c956ced12c13"},{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"3ef91724b63077a0389791d50e051397acced47e","unresolved":false,"context_lines":[{"line_number":21,"context_line":"  # default PodSecurityPolicies for the subjects below."},{"line_number":22,"context_line":"  # `nil` avoids creation of a default binding for the subject."},{"line_number":23,"context_line":"  #"},{"line_number":24,"context_line":"  defaults:"},{"line_number":25,"context_line":"    serviceaccounts: psp-default"},{"line_number":26,"context_line":"    authenticated: psp-default"},{"line_number":27,"context_line":"    unauthenticated: nil"}],"source_content_type":"text/x-yaml","patch_set":27,"id":"ff570b3c_51aa0819","line":24,"range":{"start_line":24,"start_character":0,"end_line":24,"end_character":11},"updated":"2020-05-22 18:24:37.000000000","message":"It could be worth adding some defaults for the kube-system namespace and to allow mirror-pod creation, either in values_overrides or here:\n\n    defaults:\n      nodes: psp-all-permissive\n      serviceaccounts:kube-system: psp-all-permissive","commit_id":"5d9ef2ae9dadececc73a24bd7d23c956ced12c13"},{"author":{"_account_id":28664,"name":"Ahmad Mahmoudi","email":"ahmad.mahmoudi@att.com","username":"ahmad"},"change_message_id":"b8588901beba4afac84b5cd5f1269747c2994c6c","unresolved":false,"context_lines":[{"line_number":21,"context_line":"  # default PodSecurityPolicies for the subjects below."},{"line_number":22,"context_line":"  # `nil` avoids creation of a default binding for the subject."},{"line_number":23,"context_line":"  #"},{"line_number":24,"context_line":"  defaults:"},{"line_number":25,"context_line":"    serviceaccounts: psp-default"},{"line_number":26,"context_line":"    authenticated: psp-default"},{"line_number":27,"context_line":"    unauthenticated: nil"}],"source_content_type":"text/x-yaml","patch_set":27,"id":"ff570b3c_501db70d","line":24,"range":{"start_line":24,"start_character":0,"end_line":24,"end_character":11},"in_reply_to":"ff570b3c_51aa0819","updated":"2020-05-26 19:57:46.000000000","message":"Done","commit_id":"5d9ef2ae9dadececc73a24bd7d23c956ced12c13"}]}