)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"9d5d0140b01afeb5bc16e6913cdac4629e3786c5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"0c3f3a8b_990132de","updated":"2022-06-27 15:10:18.000000000","message":"Hi Ayyappa, I fixed the indent and reverted my previous changes. Let me know if it is correct now. Thanks","commit_id":"46f855c0856272aed434f2b99c2897487987dfc3"},{"author":{"_account_id":30539,"name":"Ron Stone","email":"ronald.stone@windriver.com","username":"ronstone2000"},"change_message_id":"be96136751b399a7c3a2193dda5453406a6969d5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"07f899c8_daea7b07","updated":"2022-06-28 17:26:49.000000000","message":"LGTM. WF.","commit_id":"35152799b9d986dfa30a49a6e4a9e7016424c793"}],"doc/source/security/kubernetes/configure-defaults-for-the-pod-security-admission-controller-525590d11815.rst":[{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Technology Preview - Configure defaults for the Pod Security Admission Controller"},{"line_number":5,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"In |prod-long| |prod-ver| version only the bootstrap overrides |PSA| controller"},{"line_number":8,"context_line":"configuration is supported. The runtime configuration will be supported in the"},{"line_number":9,"context_line":"next release."},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"The Default |PSA| controller configuration will apply to new namespaces that"},{"line_number":12,"context_line":"are not created with a mode level set. When showing the namespace description"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5759f102_a691ea4a","line":9,"range":{"start_line":7,"start_character":0,"end_line":9,"end_character":13},"updated":"2022-06-24 12:44:34.000000000","message":"REWORD:\n\nFor the technology preview of the PSA controller, the PSA controller can be configured with default security polices and exemptions at bootstrap time.","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Technology Preview - Configure defaults for the Pod Security Admission Controller"},{"line_number":5,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"In |prod-long| |prod-ver| version only the bootstrap overrides |PSA| controller"},{"line_number":8,"context_line":"configuration is supported. The runtime configuration will be supported in the"},{"line_number":9,"context_line":"next release."},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"The Default |PSA| controller configuration will apply to new namespaces that"},{"line_number":12,"context_line":"are not created with a mode level set. When showing the namespace description"}],"source_content_type":"text/x-rst","patch_set":1,"id":"2350fa55_af4c0679","line":9,"range":{"start_line":7,"start_character":0,"end_line":9,"end_character":13},"in_reply_to":"5759f102_a691ea4a","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":8,"context_line":"configuration is supported. The runtime configuration will be supported in the"},{"line_number":9,"context_line":"next release."},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"The Default |PSA| controller configuration will apply to new namespaces that"},{"line_number":12,"context_line":"are not created with a mode level set. When showing the namespace description"},{"line_number":13,"context_line":"using :command:`kubectl describe namespace \u003cnamespace\u003e` command, the labels are"},{"line_number":14,"context_line":"not displayed but the behavior of the namespace will follow the default |PSA|"},{"line_number":15,"context_line":"labels level configuration set with ``AdmissionConfiguration``."}],"source_content_type":"text/x-rst","patch_set":1,"id":"2614f4d8_38c04410","line":12,"range":{"start_line":11,"start_character":57,"end_line":12,"end_character":37},"updated":"2022-06-24 12:44:34.000000000","message":"REWORD:\n\nnamespaces that are not configured with the pod-security.kubernetes.io labels to specify a security level and mode.","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":8,"context_line":"configuration is supported. The runtime configuration will be supported in the"},{"line_number":9,"context_line":"next release."},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"The Default |PSA| controller configuration will apply to new namespaces that"},{"line_number":12,"context_line":"are not created with a mode level set. When showing the namespace description"},{"line_number":13,"context_line":"using :command:`kubectl describe namespace \u003cnamespace\u003e` command, the labels are"},{"line_number":14,"context_line":"not displayed but the behavior of the namespace will follow the default |PSA|"},{"line_number":15,"context_line":"labels level configuration set with ``AdmissionConfiguration``."}],"source_content_type":"text/x-rst","patch_set":1,"id":"b087d2e0_7c42fb6f","line":12,"range":{"start_line":11,"start_character":57,"end_line":12,"end_character":37},"in_reply_to":"2614f4d8_38c04410","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":9,"context_line":"next release."},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"The Default |PSA| controller configuration will apply to new namespaces that"},{"line_number":12,"context_line":"are not created with a mode level set. When showing the namespace description"},{"line_number":13,"context_line":"using :command:`kubectl describe namespace \u003cnamespace\u003e` command, the labels are"},{"line_number":14,"context_line":"not displayed but the behavior of the namespace will follow the default |PSA|"},{"line_number":15,"context_line":"labels level configuration set with ``AdmissionConfiguration``."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"-----------------------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5bcc9fa1_fff8aaba","line":14,"range":{"start_line":12,"start_character":38,"end_line":14,"end_character":18},"updated":"2022-06-24 12:44:34.000000000","message":"REWORD?\n\nFor example if you display the namespace description using \u0027kubectl describe namespace \u003cnamespace\u003e\u0027 and the pod-security.kubernetes.io labels are not displayed, then","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":9,"context_line":"next release."},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"The Default |PSA| controller configuration will apply to new namespaces that"},{"line_number":12,"context_line":"are not created with a mode level set. When showing the namespace description"},{"line_number":13,"context_line":"using :command:`kubectl describe namespace \u003cnamespace\u003e` command, the labels are"},{"line_number":14,"context_line":"not displayed but the behavior of the namespace will follow the default |PSA|"},{"line_number":15,"context_line":"labels level configuration set with ``AdmissionConfiguration``."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"-----------------------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"99df10e1_eafb6adb","line":14,"range":{"start_line":12,"start_character":38,"end_line":14,"end_character":18},"in_reply_to":"5bcc9fa1_fff8aaba","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":12,"context_line":"are not created with a mode level set. When showing the namespace description"},{"line_number":13,"context_line":"using :command:`kubectl describe namespace \u003cnamespace\u003e` command, the labels are"},{"line_number":14,"context_line":"not displayed but the behavior of the namespace will follow the default |PSA|"},{"line_number":15,"context_line":"labels level configuration set with ``AdmissionConfiguration``."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"-----------------------------"},{"line_number":18,"context_line":"How to configure PSA defaults"}],"source_content_type":"text/x-rst","patch_set":1,"id":"97055946_34d70d8d","line":15,"range":{"start_line":15,"start_character":36,"end_line":15,"end_character":62},"updated":"2022-06-24 12:44:34.000000000","message":"PodSecurity plugin of the AdmissionConfiguration resource","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":12,"context_line":"are not created with a mode level set. When showing the namespace description"},{"line_number":13,"context_line":"using :command:`kubectl describe namespace \u003cnamespace\u003e` command, the labels are"},{"line_number":14,"context_line":"not displayed but the behavior of the namespace will follow the default |PSA|"},{"line_number":15,"context_line":"labels level configuration set with ``AdmissionConfiguration``."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"-----------------------------"},{"line_number":18,"context_line":"How to configure PSA defaults"}],"source_content_type":"text/x-rst","patch_set":1,"id":"586dbaff_18a2fba5","line":15,"range":{"start_line":15,"start_character":0,"end_line":15,"end_character":12},"updated":"2022-06-24 12:44:34.000000000","message":"labels\u0027 level, mode and version","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":12,"context_line":"are not created with a mode level set. When showing the namespace description"},{"line_number":13,"context_line":"using :command:`kubectl describe namespace \u003cnamespace\u003e` command, the labels are"},{"line_number":14,"context_line":"not displayed but the behavior of the namespace will follow the default |PSA|"},{"line_number":15,"context_line":"labels level configuration set with ``AdmissionConfiguration``."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"-----------------------------"},{"line_number":18,"context_line":"How to configure PSA defaults"}],"source_content_type":"text/x-rst","patch_set":1,"id":"1e8d300c_6ce09aff","line":15,"range":{"start_line":15,"start_character":0,"end_line":15,"end_character":12},"in_reply_to":"586dbaff_18a2fba5","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":12,"context_line":"are not created with a mode level set. When showing the namespace description"},{"line_number":13,"context_line":"using :command:`kubectl describe namespace \u003cnamespace\u003e` command, the labels are"},{"line_number":14,"context_line":"not displayed but the behavior of the namespace will follow the default |PSA|"},{"line_number":15,"context_line":"labels level configuration set with ``AdmissionConfiguration``."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"-----------------------------"},{"line_number":18,"context_line":"How to configure PSA defaults"}],"source_content_type":"text/x-rst","patch_set":1,"id":"a80b6886_2082567f","line":15,"range":{"start_line":15,"start_character":36,"end_line":15,"end_character":62},"in_reply_to":"97055946_34d70d8d","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":18,"context_line":"How to configure PSA defaults"},{"line_number":19,"context_line":"-----------------------------"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"Configure AdmissionConfiguration"},{"line_number":22,"context_line":"--------------------------------"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"To configure ``cluster-wide`` policies the ``AdmissionConfiguration`` resource"}],"source_content_type":"text/x-rst","patch_set":1,"id":"b776e93f_f8066027","line":21,"range":{"start_line":21,"start_character":10,"end_line":21,"end_character":32},"updated":"2022-06-24 12:44:34.000000000","message":"PodSecurity plugin of AdmissionConfiguration","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":18,"context_line":"How to configure PSA defaults"},{"line_number":19,"context_line":"-----------------------------"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"Configure AdmissionConfiguration"},{"line_number":22,"context_line":"--------------------------------"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"To configure ``cluster-wide`` policies the ``AdmissionConfiguration`` resource"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3df171c4_005ecc00","line":21,"range":{"start_line":21,"start_character":10,"end_line":21,"end_character":32},"in_reply_to":"b776e93f_f8066027","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":21,"context_line":"Configure AdmissionConfiguration"},{"line_number":22,"context_line":"--------------------------------"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"To configure ``cluster-wide`` policies the ``AdmissionConfiguration`` resource"},{"line_number":25,"context_line":"can be used. There is no runtime configurable API for this resource and a path"},{"line_number":26,"context_line":"to file ``admission-control-config-file.yaml`` needs to be set via the"},{"line_number":27,"context_line":"``--admission-control-config-file`` flag on the API server."}],"source_content_type":"text/x-rst","patch_set":1,"id":"ad710e3c_e3b0eb7c","line":24,"range":{"start_line":24,"start_character":39,"end_line":24,"end_character":43},"updated":"2022-06-24 12:44:34.000000000","message":"PodSecurity plugin of the","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":21,"context_line":"Configure AdmissionConfiguration"},{"line_number":22,"context_line":"--------------------------------"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"To configure ``cluster-wide`` policies the ``AdmissionConfiguration`` resource"},{"line_number":25,"context_line":"can be used. There is no runtime configurable API for this resource and a path"},{"line_number":26,"context_line":"to file ``admission-control-config-file.yaml`` needs to be set via the"},{"line_number":27,"context_line":"``--admission-control-config-file`` flag on the API server."}],"source_content_type":"text/x-rst","patch_set":1,"id":"bfde823d_586e6e22","line":24,"range":{"start_line":24,"start_character":39,"end_line":24,"end_character":43},"in_reply_to":"ad710e3c_e3b0eb7c","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":22,"context_line":"--------------------------------"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"To configure ``cluster-wide`` policies the ``AdmissionConfiguration`` resource"},{"line_number":25,"context_line":"can be used. There is no runtime configurable API for this resource and a path"},{"line_number":26,"context_line":"to file ``admission-control-config-file.yaml`` needs to be set via the"},{"line_number":27,"context_line":"``--admission-control-config-file`` flag on the API server."},{"line_number":28,"context_line":""},{"line_number":29,"context_line":".. note::"},{"line_number":30,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"8fb8519a_ece912a3","line":27,"range":{"start_line":25,"start_character":13,"end_line":27,"end_character":59},"updated":"2022-06-24 12:44:34.000000000","message":"REWORD:\n\nThe AdmissionConfiguration resource is configurable at bootstrap time with the api-server_extra_args and apiserver_extra_volumes overrides in the localhost.yml file.","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":22,"context_line":"--------------------------------"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"To configure ``cluster-wide`` policies the ``AdmissionConfiguration`` resource"},{"line_number":25,"context_line":"can be used. There is no runtime configurable API for this resource and a path"},{"line_number":26,"context_line":"to file ``admission-control-config-file.yaml`` needs to be set via the"},{"line_number":27,"context_line":"``--admission-control-config-file`` flag on the API server."},{"line_number":28,"context_line":""},{"line_number":29,"context_line":".. note::"},{"line_number":30,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"920cc217_9b71d4f9","line":27,"range":{"start_line":25,"start_character":13,"end_line":27,"end_character":59},"in_reply_to":"8fb8519a_ece912a3","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":32,"context_line":"    default and any policy that is applied via namespace labels will take"},{"line_number":33,"context_line":"    precedence."},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"Generic configuration:"},{"line_number":36,"context_line":""},{"line_number":37,"context_line":".. code-block:: none"},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"    apiVersion: apiserver.config.k8s.io/v1"},{"line_number":40,"context_line":"    kind: AdmissionConfiguration"},{"line_number":41,"context_line":"    plugins:"},{"line_number":42,"context_line":"    - name: PodSecurity"},{"line_number":43,"context_line":"      configuration:"},{"line_number":44,"context_line":"        apiVersion: pod-security.admission.config.k8s.io/v1beta1"},{"line_number":45,"context_line":"        kind: PodSecurityConfiguration"},{"line_number":46,"context_line":"        #"},{"line_number":47,"context_line":"        # Level label values must be one of:"},{"line_number":48,"context_line":"        # - \"privileged\" (default)"},{"line_number":49,"context_line":"        # - \"baseline\""},{"line_number":50,"context_line":"        # - \"restricted\""},{"line_number":51,"context_line":"        #"},{"line_number":52,"context_line":"        # Per-mode Version label values must be one of:"},{"line_number":53,"context_line":"        # - \"latest\" (default)"},{"line_number":54,"context_line":"        # - specific version like \"v1.23\""},{"line_number":55,"context_line":"        defaults:"},{"line_number":56,"context_line":"          enforce: \"privileged\""},{"line_number":57,"context_line":"          enforce-version: \"latest\""},{"line_number":58,"context_line":"          audit: \"privileged\""},{"line_number":59,"context_line":"          audit-version: \"latest\""},{"line_number":60,"context_line":"          warn: \"privileged\""},{"line_number":61,"context_line":"          warn-version: \"latest\""},{"line_number":62,"context_line":"        exemptions:"},{"line_number":63,"context_line":"          # Array of authenticated usernames to exempt."},{"line_number":64,"context_line":"          usernames: []"},{"line_number":65,"context_line":"          # Array of runtime class names to exempt."},{"line_number":66,"context_line":"          runtimeClasses: []"},{"line_number":67,"context_line":"          # Array of namespaces to exempt."},{"line_number":68,"context_line":"          namespaces: []"},{"line_number":69,"context_line":""},{"line_number":70,"context_line":".. note::"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"    Kubernetes v1.23+ configuration requires apiversion be set to"},{"line_number":73,"context_line":"    ``pod-security.admission.config.k8s.io/v1beta1``. For v1.22,"},{"line_number":74,"context_line":"    ``pod-security.admission.config.k8s.io/v1alpha1`` needs to be used."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"In |prod-long| platform the ``cluster-wide`` configuration can be applied at"},{"line_number":77,"context_line":"bootstrap as overrides set in ``localhost.yml``. The configuration is using"}],"source_content_type":"text/x-rst","patch_set":1,"id":"478c2c74_58bd1db5","line":74,"range":{"start_line":35,"start_character":0,"end_line":74,"end_character":71},"updated":"2022-06-24 12:44:34.000000000","message":"I would REMOVE this ... not really needed.","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":32,"context_line":"    default and any policy that is applied via namespace labels will take"},{"line_number":33,"context_line":"    precedence."},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"Generic configuration:"},{"line_number":36,"context_line":""},{"line_number":37,"context_line":".. code-block:: none"},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"    apiVersion: apiserver.config.k8s.io/v1"},{"line_number":40,"context_line":"    kind: AdmissionConfiguration"},{"line_number":41,"context_line":"    plugins:"},{"line_number":42,"context_line":"    - name: PodSecurity"},{"line_number":43,"context_line":"      configuration:"},{"line_number":44,"context_line":"        apiVersion: pod-security.admission.config.k8s.io/v1beta1"},{"line_number":45,"context_line":"        kind: PodSecurityConfiguration"},{"line_number":46,"context_line":"        #"},{"line_number":47,"context_line":"        # Level label values must be one of:"},{"line_number":48,"context_line":"        # - \"privileged\" (default)"},{"line_number":49,"context_line":"        # - \"baseline\""},{"line_number":50,"context_line":"        # - \"restricted\""},{"line_number":51,"context_line":"        #"},{"line_number":52,"context_line":"        # Per-mode Version label values must be one of:"},{"line_number":53,"context_line":"        # - \"latest\" (default)"},{"line_number":54,"context_line":"        # - specific version like \"v1.23\""},{"line_number":55,"context_line":"        defaults:"},{"line_number":56,"context_line":"          enforce: \"privileged\""},{"line_number":57,"context_line":"          enforce-version: \"latest\""},{"line_number":58,"context_line":"          audit: \"privileged\""},{"line_number":59,"context_line":"          audit-version: \"latest\""},{"line_number":60,"context_line":"          warn: \"privileged\""},{"line_number":61,"context_line":"          warn-version: \"latest\""},{"line_number":62,"context_line":"        exemptions:"},{"line_number":63,"context_line":"          # Array of authenticated usernames to exempt."},{"line_number":64,"context_line":"          usernames: []"},{"line_number":65,"context_line":"          # Array of runtime class names to exempt."},{"line_number":66,"context_line":"          runtimeClasses: []"},{"line_number":67,"context_line":"          # Array of namespaces to exempt."},{"line_number":68,"context_line":"          namespaces: []"},{"line_number":69,"context_line":""},{"line_number":70,"context_line":".. note::"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"    Kubernetes v1.23+ configuration requires apiversion be set to"},{"line_number":73,"context_line":"    ``pod-security.admission.config.k8s.io/v1beta1``. For v1.22,"},{"line_number":74,"context_line":"    ``pod-security.admission.config.k8s.io/v1alpha1`` needs to be used."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"In |prod-long| platform the ``cluster-wide`` configuration can be applied at"},{"line_number":77,"context_line":"bootstrap as overrides set in ``localhost.yml``. The configuration is using"}],"source_content_type":"text/x-rst","patch_set":1,"id":"eff2c7f8_a1f57124","line":74,"range":{"start_line":35,"start_character":0,"end_line":74,"end_character":71},"in_reply_to":"478c2c74_58bd1db5","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":73,"context_line":"    ``pod-security.admission.config.k8s.io/v1beta1``. For v1.22,"},{"line_number":74,"context_line":"    ``pod-security.admission.config.k8s.io/v1alpha1`` needs to be used."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"In |prod-long| platform the ``cluster-wide`` configuration can be applied at"},{"line_number":77,"context_line":"bootstrap as overrides set in ``localhost.yml``. The configuration is using"},{"line_number":78,"context_line":"file ``admission-control-config-file.yaml``."},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"After bootstrap ``/etc/kubernetes/admission-control-config-file.yaml`` will be"},{"line_number":81,"context_line":"populated with the admission configuration."},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Example of configuration added to ``localhost.yml``:"},{"line_number":84,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"55166559_9cfe5969","line":81,"range":{"start_line":76,"start_character":0,"end_line":81,"end_character":43},"updated":"2022-06-24 12:44:34.000000000","message":"I would REMOVE ... this is covered by the REWORD suggested on lines 25-27","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":73,"context_line":"    ``pod-security.admission.config.k8s.io/v1beta1``. For v1.22,"},{"line_number":74,"context_line":"    ``pod-security.admission.config.k8s.io/v1alpha1`` needs to be used."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"In |prod-long| platform the ``cluster-wide`` configuration can be applied at"},{"line_number":77,"context_line":"bootstrap as overrides set in ``localhost.yml``. The configuration is using"},{"line_number":78,"context_line":"file ``admission-control-config-file.yaml``."},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"After bootstrap ``/etc/kubernetes/admission-control-config-file.yaml`` will be"},{"line_number":81,"context_line":"populated with the admission configuration."},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Example of configuration added to ``localhost.yml``:"},{"line_number":84,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"5e19e517_d42aba49","line":81,"range":{"start_line":76,"start_character":0,"end_line":81,"end_character":43},"in_reply_to":"55166559_9cfe5969","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":107,"context_line":"                audit-version: \"latest\""},{"line_number":108,"context_line":"                warn: \"privileged\""},{"line_number":109,"context_line":"                warn-version: \"latest\""},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"Platform namespaces configuration"},{"line_number":112,"context_line":"---------------------------------"},{"line_number":113,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"fec78808_83a044a8","line":110,"updated":"2022-06-24 12:44:34.000000000","message":"ADD:\n\nSee doc/source/system_configuration/kubernetes/kubernetes-custom-configuration-31c1fd41857d.rst  for more details on kubernetes configuration, apiserver_extra_args and apiserver_extra_volumes.","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":107,"context_line":"                audit-version: \"latest\""},{"line_number":108,"context_line":"                warn: \"privileged\""},{"line_number":109,"context_line":"                warn-version: \"latest\""},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"Platform namespaces configuration"},{"line_number":112,"context_line":"---------------------------------"},{"line_number":113,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"fe5a11e7_17ec6635","line":110,"in_reply_to":"fec78808_83a044a8","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":115,"context_line":"added to all the namespaces used by the platform. System namespaces, such as"},{"line_number":116,"context_line":"``kube-system``, ``deployment``, as well as application namespaces such as,"},{"line_number":117,"context_line":"``cert-manager`` have been created by default with privileged label levels."},{"line_number":118,"context_line":"This will cause no-harm if users do not wish to use ``beta`` |PSA| feature"},{"line_number":119,"context_line":"enabled by default in 1.23 version."},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"The following labels configuration is applied by default to namespaces:"},{"line_number":122,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"a9243aad_fbc2596b","line":119,"range":{"start_line":118,"start_character":0,"end_line":119,"end_character":35},"updated":"2022-06-24 12:44:34.000000000","message":"I\u0027d REMOVE","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":115,"context_line":"added to all the namespaces used by the platform. System namespaces, such as"},{"line_number":116,"context_line":"``kube-system``, ``deployment``, as well as application namespaces such as,"},{"line_number":117,"context_line":"``cert-manager`` have been created by default with privileged label levels."},{"line_number":118,"context_line":"This will cause no-harm if users do not wish to use ``beta`` |PSA| feature"},{"line_number":119,"context_line":"enabled by default in 1.23 version."},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"The following labels configuration is applied by default to namespaces:"},{"line_number":122,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"5c6f5874_9326e9d7","line":119,"range":{"start_line":118,"start_character":0,"end_line":119,"end_character":35},"in_reply_to":"a9243aad_fbc2596b","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":118,"context_line":"This will cause no-harm if users do not wish to use ``beta`` |PSA| feature"},{"line_number":119,"context_line":"enabled by default in 1.23 version."},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"The following labels configuration is applied by default to namespaces:"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":".. code-block:: none"},{"line_number":124,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"4cb67893_70246a29","line":121,"range":{"start_line":121,"start_character":60,"end_line":121,"end_character":70},"updated":"2022-06-24 12:44:34.000000000","message":"Platform namespaces","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":118,"context_line":"This will cause no-harm if users do not wish to use ``beta`` |PSA| feature"},{"line_number":119,"context_line":"enabled by default in 1.23 version."},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"The following labels configuration is applied by default to namespaces:"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":".. code-block:: none"},{"line_number":124,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"babb9f67_75ba8008","line":121,"range":{"start_line":121,"start_character":60,"end_line":121,"end_character":70},"in_reply_to":"4cb67893_70246a29","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":131,"context_line":"                  pod-security.kubernetes.io/enforce-version\u003dlatest"},{"line_number":132,"context_line":"                  pod-security.kubernetes.io/warn\u003dprivileged"},{"line_number":133,"context_line":"                  pod-security.kubernetes.io/warn-version\u003dlatest"},{"line_number":134,"context_line":"    Annotations:  \u003cnone\u003e"},{"line_number":135,"context_line":"    Status:       Active"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"    No resource quota."},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"    No LimitRange resource."},{"line_number":140,"context_line":""},{"line_number":141,"context_line":".. rubric:: |eg|"},{"line_number":142,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"ba179778_b39c9e2f","line":139,"range":{"start_line":134,"start_character":0,"end_line":139,"end_character":27},"updated":"2022-06-24 12:44:34.000000000","message":"REMOVE","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":131,"context_line":"                  pod-security.kubernetes.io/enforce-version\u003dlatest"},{"line_number":132,"context_line":"                  pod-security.kubernetes.io/warn\u003dprivileged"},{"line_number":133,"context_line":"                  pod-security.kubernetes.io/warn-version\u003dlatest"},{"line_number":134,"context_line":"    Annotations:  \u003cnone\u003e"},{"line_number":135,"context_line":"    Status:       Active"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"    No resource quota."},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"    No LimitRange resource."},{"line_number":140,"context_line":""},{"line_number":141,"context_line":".. rubric:: |eg|"},{"line_number":142,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"96d1154a_8bce17a3","line":139,"range":{"start_line":134,"start_character":0,"end_line":139,"end_character":27},"in_reply_to":"ba179778_b39c9e2f","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":137,"context_line":"    No resource quota."},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"    No LimitRange resource."},{"line_number":140,"context_line":""},{"line_number":141,"context_line":".. rubric:: |eg|"},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"This is how the the |PSA| security levels work."}],"source_content_type":"text/x-rst","patch_set":1,"id":"0ed0a20e_a4c09467","line":140,"updated":"2022-06-24 12:44:34.000000000","message":"ADD:\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\nPod Security Admission Controller - Usage Example\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":137,"context_line":"    No resource quota."},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"    No LimitRange resource."},{"line_number":140,"context_line":""},{"line_number":141,"context_line":".. rubric:: |eg|"},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"This is how the the |PSA| security levels work."}],"source_content_type":"text/x-rst","patch_set":1,"id":"99abc8a9_f7780704","line":140,"in_reply_to":"0ed0a20e_a4c09467","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":140,"context_line":""},{"line_number":141,"context_line":".. rubric:: |eg|"},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"This is how the the |PSA| security levels work."},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"-   Create a namespace for each of the 3 security policies levels: privileged,"},{"line_number":146,"context_line":"    baseline and restricted."}],"source_content_type":"text/x-rst","patch_set":1,"id":"fe79b527_f65f0157","line":143,"range":{"start_line":143,"start_character":0,"end_line":143,"end_character":47},"updated":"2022-06-24 12:44:34.000000000","message":"This page walks thru a usage example os PSA where you will:","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":140,"context_line":""},{"line_number":141,"context_line":".. rubric:: |eg|"},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"This is how the the |PSA| security levels work."},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"-   Create a namespace for each of the 3 security policies levels: privileged,"},{"line_number":146,"context_line":"    baseline and restricted."}],"source_content_type":"text/x-rst","patch_set":1,"id":"90ca7c76_51b18145","line":143,"range":{"start_line":143,"start_character":0,"end_line":143,"end_character":47},"in_reply_to":"fe79b527_f65f0157","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":151,"context_line":""},{"line_number":152,"context_line":"-   The pod creation will only be successful in the privileged namespace."},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"Test example:"},{"line_number":155,"context_line":""},{"line_number":156,"context_line":".. code-block:: none"},{"line_number":157,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"217a21e8_824cd208","line":154,"range":{"start_line":154,"start_character":0,"end_line":154,"end_character":13},"updated":"2022-06-24 12:44:34.000000000","message":"REMOVE","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":151,"context_line":""},{"line_number":152,"context_line":"-   The pod creation will only be successful in the privileged namespace."},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"Test example:"},{"line_number":155,"context_line":""},{"line_number":156,"context_line":".. code-block:: none"},{"line_number":157,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"7eeb218c_4bda7b1e","line":154,"range":{"start_line":154,"start_character":0,"end_line":154,"end_character":13},"in_reply_to":"217a21e8_824cd208","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":156,"context_line":".. code-block:: none"},{"line_number":157,"context_line":""},{"line_number":158,"context_line":"    controller-0:~$ vi baseline-ns.yaml"},{"line_number":159,"context_line":"    apiVersion: v1"},{"line_number":160,"context_line":"    kind: Namespace"},{"line_number":161,"context_line":"    metadata:"},{"line_number":162,"context_line":"     name: baseline-ns"},{"line_number":163,"context_line":"     labels:"},{"line_number":164,"context_line":"      pod-security.kubernetes.io/enforce: baseline"},{"line_number":165,"context_line":"      pod-security.kubernetes.io/enforce-version: v1.23"},{"line_number":166,"context_line":"      pod-security.kubernetes.io/warn: baseline"},{"line_number":167,"context_line":"      pod-security.kubernetes.io/warn-version: v1.23"},{"line_number":168,"context_line":"      pod-security.kubernetes.io/audit: baseline"},{"line_number":169,"context_line":"      pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"    controller-0:~$ kubectl apply -f baseline-ns.yaml"},{"line_number":172,"context_line":"    namespace/baseline-ns created"}],"source_content_type":"text/x-rst","patch_set":1,"id":"72cb81d6_bdf08e1d","line":169,"range":{"start_line":159,"start_character":0,"end_line":169,"end_character":53},"updated":"2022-06-24 12:44:34.000000000","message":"maybe indent this a bit to show that this is the content of the file being vi\u0027d","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":156,"context_line":".. code-block:: none"},{"line_number":157,"context_line":""},{"line_number":158,"context_line":"    controller-0:~$ vi baseline-ns.yaml"},{"line_number":159,"context_line":"    apiVersion: v1"},{"line_number":160,"context_line":"    kind: Namespace"},{"line_number":161,"context_line":"    metadata:"},{"line_number":162,"context_line":"     name: baseline-ns"},{"line_number":163,"context_line":"     labels:"},{"line_number":164,"context_line":"      pod-security.kubernetes.io/enforce: baseline"},{"line_number":165,"context_line":"      pod-security.kubernetes.io/enforce-version: v1.23"},{"line_number":166,"context_line":"      pod-security.kubernetes.io/warn: baseline"},{"line_number":167,"context_line":"      pod-security.kubernetes.io/warn-version: v1.23"},{"line_number":168,"context_line":"      pod-security.kubernetes.io/audit: baseline"},{"line_number":169,"context_line":"      pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"    controller-0:~$ kubectl apply -f baseline-ns.yaml"},{"line_number":172,"context_line":"    namespace/baseline-ns created"}],"source_content_type":"text/x-rst","patch_set":1,"id":"7c37dff4_b64944a8","line":169,"range":{"start_line":159,"start_character":0,"end_line":169,"end_character":53},"in_reply_to":"72cb81d6_bdf08e1d","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":169,"context_line":"      pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"    controller-0:~$ kubectl apply -f baseline-ns.yaml"},{"line_number":172,"context_line":"    namespace/baseline-ns created"},{"line_number":173,"context_line":"    controller-0:~$ kubectl describe namespace baseline-ns"},{"line_number":174,"context_line":"    Name:         baseline-ns"},{"line_number":175,"context_line":"    Labels:       kubernetes.io/metadata.name\u003dbaseline-ns"},{"line_number":176,"context_line":"                  pod-security.kubernetes.io/audit\u003dbaseline"},{"line_number":177,"context_line":"                  pod-security.kubernetes.io/audit-version\u003dv1.23"},{"line_number":178,"context_line":"                  pod-security.kubernetes.io/enforce\u003dbaseline"},{"line_number":179,"context_line":"                  pod-security.kubernetes.io/enforce-version\u003dv1.23"},{"line_number":180,"context_line":"                  pod-security.kubernetes.io/warn\u003dbaseline"},{"line_number":181,"context_line":"                  pod-security.kubernetes.io/warn-version\u003dv1.23"},{"line_number":182,"context_line":"    Annotations:  \u003cnone\u003e"},{"line_number":183,"context_line":"    Status:       Active"},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"    No resource quota."},{"line_number":186,"context_line":""},{"line_number":187,"context_line":"    No LimitRange resource."},{"line_number":188,"context_line":"    controller-0:~$"},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"    controller-0:~$ vi privileged-ns.yaml"},{"line_number":191,"context_line":"    apiVersion: v1"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3c04c4de_8b1709e5","line":188,"range":{"start_line":172,"start_character":0,"end_line":188,"end_character":19},"updated":"2022-06-24 12:44:34.000000000","message":"REMOVE","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":169,"context_line":"      pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"    controller-0:~$ kubectl apply -f baseline-ns.yaml"},{"line_number":172,"context_line":"    namespace/baseline-ns created"},{"line_number":173,"context_line":"    controller-0:~$ kubectl describe namespace baseline-ns"},{"line_number":174,"context_line":"    Name:         baseline-ns"},{"line_number":175,"context_line":"    Labels:       kubernetes.io/metadata.name\u003dbaseline-ns"},{"line_number":176,"context_line":"                  pod-security.kubernetes.io/audit\u003dbaseline"},{"line_number":177,"context_line":"                  pod-security.kubernetes.io/audit-version\u003dv1.23"},{"line_number":178,"context_line":"                  pod-security.kubernetes.io/enforce\u003dbaseline"},{"line_number":179,"context_line":"                  pod-security.kubernetes.io/enforce-version\u003dv1.23"},{"line_number":180,"context_line":"                  pod-security.kubernetes.io/warn\u003dbaseline"},{"line_number":181,"context_line":"                  pod-security.kubernetes.io/warn-version\u003dv1.23"},{"line_number":182,"context_line":"    Annotations:  \u003cnone\u003e"},{"line_number":183,"context_line":"    Status:       Active"},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"    No resource quota."},{"line_number":186,"context_line":""},{"line_number":187,"context_line":"    No LimitRange resource."},{"line_number":188,"context_line":"    controller-0:~$"},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"    controller-0:~$ vi privileged-ns.yaml"},{"line_number":191,"context_line":"    apiVersion: v1"}],"source_content_type":"text/x-rst","patch_set":1,"id":"48fa2e9b_251cd6e0","line":188,"range":{"start_line":172,"start_character":0,"end_line":188,"end_character":19},"in_reply_to":"3c04c4de_8b1709e5","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":188,"context_line":"    controller-0:~$"},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"    controller-0:~$ vi privileged-ns.yaml"},{"line_number":191,"context_line":"    apiVersion: v1"},{"line_number":192,"context_line":"    kind: Namespace"},{"line_number":193,"context_line":"    metadata:"},{"line_number":194,"context_line":"     name: privileged-ns"},{"line_number":195,"context_line":"     labels:"},{"line_number":196,"context_line":"       pod-security.kubernetes.io/enforce: privileged"},{"line_number":197,"context_line":"       pod-security.kubernetes.io/enforce-version: v1.23"},{"line_number":198,"context_line":"       pod-security.kubernetes.io/warn: privileged"},{"line_number":199,"context_line":"       pod-security.kubernetes.io/warn-version: v1.23"},{"line_number":200,"context_line":"       pod-security.kubernetes.io/audit: privileged"},{"line_number":201,"context_line":"       pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":202,"context_line":""},{"line_number":203,"context_line":"    controller-0:~$ kubectl apply -f privileged-ns.yaml"},{"line_number":204,"context_line":"    namespace/privileged-ns created"}],"source_content_type":"text/x-rst","patch_set":1,"id":"829bb3ad_f92d8b23","line":201,"range":{"start_line":191,"start_character":0,"end_line":201,"end_character":54},"updated":"2022-06-24 12:44:34.000000000","message":"again indent a bit to show this is the content to put in the file being vi\u0027d","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":188,"context_line":"    controller-0:~$"},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"    controller-0:~$ vi privileged-ns.yaml"},{"line_number":191,"context_line":"    apiVersion: v1"},{"line_number":192,"context_line":"    kind: Namespace"},{"line_number":193,"context_line":"    metadata:"},{"line_number":194,"context_line":"     name: privileged-ns"},{"line_number":195,"context_line":"     labels:"},{"line_number":196,"context_line":"       pod-security.kubernetes.io/enforce: privileged"},{"line_number":197,"context_line":"       pod-security.kubernetes.io/enforce-version: v1.23"},{"line_number":198,"context_line":"       pod-security.kubernetes.io/warn: privileged"},{"line_number":199,"context_line":"       pod-security.kubernetes.io/warn-version: v1.23"},{"line_number":200,"context_line":"       pod-security.kubernetes.io/audit: privileged"},{"line_number":201,"context_line":"       pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":202,"context_line":""},{"line_number":203,"context_line":"    controller-0:~$ kubectl apply -f privileged-ns.yaml"},{"line_number":204,"context_line":"    namespace/privileged-ns created"}],"source_content_type":"text/x-rst","patch_set":1,"id":"08105ec4_d7f9f2e4","line":201,"range":{"start_line":191,"start_character":0,"end_line":201,"end_character":54},"in_reply_to":"829bb3ad_f92d8b23","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":201,"context_line":"       pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":202,"context_line":""},{"line_number":203,"context_line":"    controller-0:~$ kubectl apply -f privileged-ns.yaml"},{"line_number":204,"context_line":"    namespace/privileged-ns created"},{"line_number":205,"context_line":"    controller-0:~$ kubectl describe namespace privileged-ns"},{"line_number":206,"context_line":"    Name:         privileged-ns"},{"line_number":207,"context_line":"    Labels:       kubernetes.io/metadata.name\u003dprivileged-ns"},{"line_number":208,"context_line":"                  pod-security.kubernetes.io/audit\u003dprivileged"},{"line_number":209,"context_line":"                  pod-security.kubernetes.io/audit-version\u003dv1.23"},{"line_number":210,"context_line":"                  pod-security.kubernetes.io/enforce\u003dprivileged"},{"line_number":211,"context_line":"                  pod-security.kubernetes.io/enforce-version\u003dv1.23"},{"line_number":212,"context_line":"                  pod-security.kubernetes.io/warn\u003dprivileged"},{"line_number":213,"context_line":"                  pod-security.kubernetes.io/warn-version\u003dv1.23"},{"line_number":214,"context_line":"    Annotations:  \u003cnone\u003e"},{"line_number":215,"context_line":"    Status:       Active"},{"line_number":216,"context_line":""},{"line_number":217,"context_line":"    No resource quota."},{"line_number":218,"context_line":""},{"line_number":219,"context_line":"    No LimitRange resource."},{"line_number":220,"context_line":"    controller-0:~$"},{"line_number":221,"context_line":""},{"line_number":222,"context_line":"    controller-0:~$ vi restricted-ns.yaml"},{"line_number":223,"context_line":"    apiVersion: v1"}],"source_content_type":"text/x-rst","patch_set":1,"id":"0b5558c0_265cb2ac","line":220,"range":{"start_line":204,"start_character":0,"end_line":220,"end_character":19},"updated":"2022-06-24 12:44:34.000000000","message":"REMOVE","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":201,"context_line":"       pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":202,"context_line":""},{"line_number":203,"context_line":"    controller-0:~$ kubectl apply -f privileged-ns.yaml"},{"line_number":204,"context_line":"    namespace/privileged-ns created"},{"line_number":205,"context_line":"    controller-0:~$ kubectl describe namespace privileged-ns"},{"line_number":206,"context_line":"    Name:         privileged-ns"},{"line_number":207,"context_line":"    Labels:       kubernetes.io/metadata.name\u003dprivileged-ns"},{"line_number":208,"context_line":"                  pod-security.kubernetes.io/audit\u003dprivileged"},{"line_number":209,"context_line":"                  pod-security.kubernetes.io/audit-version\u003dv1.23"},{"line_number":210,"context_line":"                  pod-security.kubernetes.io/enforce\u003dprivileged"},{"line_number":211,"context_line":"                  pod-security.kubernetes.io/enforce-version\u003dv1.23"},{"line_number":212,"context_line":"                  pod-security.kubernetes.io/warn\u003dprivileged"},{"line_number":213,"context_line":"                  pod-security.kubernetes.io/warn-version\u003dv1.23"},{"line_number":214,"context_line":"    Annotations:  \u003cnone\u003e"},{"line_number":215,"context_line":"    Status:       Active"},{"line_number":216,"context_line":""},{"line_number":217,"context_line":"    No resource quota."},{"line_number":218,"context_line":""},{"line_number":219,"context_line":"    No LimitRange resource."},{"line_number":220,"context_line":"    controller-0:~$"},{"line_number":221,"context_line":""},{"line_number":222,"context_line":"    controller-0:~$ vi restricted-ns.yaml"},{"line_number":223,"context_line":"    apiVersion: v1"}],"source_content_type":"text/x-rst","patch_set":1,"id":"249bbef7_8a44d653","line":220,"range":{"start_line":204,"start_character":0,"end_line":220,"end_character":19},"in_reply_to":"0b5558c0_265cb2ac","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":220,"context_line":"    controller-0:~$"},{"line_number":221,"context_line":""},{"line_number":222,"context_line":"    controller-0:~$ vi restricted-ns.yaml"},{"line_number":223,"context_line":"    apiVersion: v1"},{"line_number":224,"context_line":"    kind: Namespace"},{"line_number":225,"context_line":"    metadata:"},{"line_number":226,"context_line":"     name: restricted-ns"},{"line_number":227,"context_line":"     labels:"},{"line_number":228,"context_line":"       pod-security.kubernetes.io/enforce: restricted"},{"line_number":229,"context_line":"       pod-security.kubernetes.io/enforce-version: v1.23"},{"line_number":230,"context_line":"       pod-security.kubernetes.io/warn: restricted"},{"line_number":231,"context_line":"       pod-security.kubernetes.io/warn-version: v1.23"},{"line_number":232,"context_line":"       pod-security.kubernetes.io/audit: restricted"},{"line_number":233,"context_line":"       pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":234,"context_line":""},{"line_number":235,"context_line":"    controller-0:~$ kubectl apply -f restricted-ns.yaml"},{"line_number":236,"context_line":"    namespace/restricted-ns created"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3633770b_c3334a22","line":233,"range":{"start_line":223,"start_character":0,"end_line":233,"end_character":54},"updated":"2022-06-24 12:44:34.000000000","message":"again indent a bit to show this is the content to put in the file being vi\u0027d","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":220,"context_line":"    controller-0:~$"},{"line_number":221,"context_line":""},{"line_number":222,"context_line":"    controller-0:~$ vi restricted-ns.yaml"},{"line_number":223,"context_line":"    apiVersion: v1"},{"line_number":224,"context_line":"    kind: Namespace"},{"line_number":225,"context_line":"    metadata:"},{"line_number":226,"context_line":"     name: restricted-ns"},{"line_number":227,"context_line":"     labels:"},{"line_number":228,"context_line":"       pod-security.kubernetes.io/enforce: restricted"},{"line_number":229,"context_line":"       pod-security.kubernetes.io/enforce-version: v1.23"},{"line_number":230,"context_line":"       pod-security.kubernetes.io/warn: restricted"},{"line_number":231,"context_line":"       pod-security.kubernetes.io/warn-version: v1.23"},{"line_number":232,"context_line":"       pod-security.kubernetes.io/audit: restricted"},{"line_number":233,"context_line":"       pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":234,"context_line":""},{"line_number":235,"context_line":"    controller-0:~$ kubectl apply -f restricted-ns.yaml"},{"line_number":236,"context_line":"    namespace/restricted-ns created"}],"source_content_type":"text/x-rst","patch_set":1,"id":"0fd03717_8865f847","line":233,"range":{"start_line":223,"start_character":0,"end_line":233,"end_character":54},"in_reply_to":"3633770b_c3334a22","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":233,"context_line":"       pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":234,"context_line":""},{"line_number":235,"context_line":"    controller-0:~$ kubectl apply -f restricted-ns.yaml"},{"line_number":236,"context_line":"    namespace/restricted-ns created"},{"line_number":237,"context_line":"    controller-0:~$ kubectl describe namespace restricted-ns"},{"line_number":238,"context_line":"    Name:         restricted-ns"},{"line_number":239,"context_line":"    Labels:       kubernetes.io/metadata.name\u003drestricted-ns"},{"line_number":240,"context_line":"                  pod-security.kubernetes.io/audit\u003drestricted"},{"line_number":241,"context_line":"                  pod-security.kubernetes.io/audit-version\u003dv1.23"},{"line_number":242,"context_line":"                  pod-security.kubernetes.io/enforce\u003drestricted"},{"line_number":243,"context_line":"                  pod-security.kubernetes.io/enforce-version\u003dv1.23"},{"line_number":244,"context_line":"                  pod-security.kubernetes.io/warn\u003drestricted"},{"line_number":245,"context_line":"                  pod-security.kubernetes.io/warn-version\u003dv1.23"},{"line_number":246,"context_line":"    Annotations:  \u003cnone\u003e"},{"line_number":247,"context_line":"    Status:       Active"},{"line_number":248,"context_line":""},{"line_number":249,"context_line":"    No resource quota."},{"line_number":250,"context_line":""},{"line_number":251,"context_line":"    No LimitRange resource."},{"line_number":252,"context_line":"    controller-0:~$"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"    controller-0:~$ vi privileged-pod.yaml"},{"line_number":255,"context_line":"    apiVersion: v1"}],"source_content_type":"text/x-rst","patch_set":1,"id":"20aa13f3_2f2f5d91","line":252,"range":{"start_line":236,"start_character":0,"end_line":252,"end_character":19},"updated":"2022-06-24 12:44:34.000000000","message":"REMOVE","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":233,"context_line":"       pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":234,"context_line":""},{"line_number":235,"context_line":"    controller-0:~$ kubectl apply -f restricted-ns.yaml"},{"line_number":236,"context_line":"    namespace/restricted-ns created"},{"line_number":237,"context_line":"    controller-0:~$ kubectl describe namespace restricted-ns"},{"line_number":238,"context_line":"    Name:         restricted-ns"},{"line_number":239,"context_line":"    Labels:       kubernetes.io/metadata.name\u003drestricted-ns"},{"line_number":240,"context_line":"                  pod-security.kubernetes.io/audit\u003drestricted"},{"line_number":241,"context_line":"                  pod-security.kubernetes.io/audit-version\u003dv1.23"},{"line_number":242,"context_line":"                  pod-security.kubernetes.io/enforce\u003drestricted"},{"line_number":243,"context_line":"                  pod-security.kubernetes.io/enforce-version\u003dv1.23"},{"line_number":244,"context_line":"                  pod-security.kubernetes.io/warn\u003drestricted"},{"line_number":245,"context_line":"                  pod-security.kubernetes.io/warn-version\u003dv1.23"},{"line_number":246,"context_line":"    Annotations:  \u003cnone\u003e"},{"line_number":247,"context_line":"    Status:       Active"},{"line_number":248,"context_line":""},{"line_number":249,"context_line":"    No resource quota."},{"line_number":250,"context_line":""},{"line_number":251,"context_line":"    No LimitRange resource."},{"line_number":252,"context_line":"    controller-0:~$"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"    controller-0:~$ vi privileged-pod.yaml"},{"line_number":255,"context_line":"    apiVersion: v1"}],"source_content_type":"text/x-rst","patch_set":1,"id":"07ab5a90_a3c96b72","line":252,"range":{"start_line":236,"start_character":0,"end_line":252,"end_character":19},"in_reply_to":"20aa13f3_2f2f5d91","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":252,"context_line":"    controller-0:~$"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"    controller-0:~$ vi privileged-pod.yaml"},{"line_number":255,"context_line":"    apiVersion: v1"},{"line_number":256,"context_line":"    kind: Pod"},{"line_number":257,"context_line":"    metadata:"},{"line_number":258,"context_line":"     name: privileged"},{"line_number":259,"context_line":"    spec:"},{"line_number":260,"context_line":"     containers:"},{"line_number":261,"context_line":"      - name: pause"},{"line_number":262,"context_line":"        image: k8s.gcr.io/pause"},{"line_number":263,"context_line":"        securityContext:"},{"line_number":264,"context_line":"         privileged: true"},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"    controller-0:~$ kubectl -n privileged-ns apply -f privileged-pod.yaml"},{"line_number":267,"context_line":"    pod/privileged created"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5dcc57c1_00ca480c","line":264,"range":{"start_line":255,"start_character":0,"end_line":264,"end_character":25},"updated":"2022-06-24 12:44:34.000000000","message":"again indent a bit to show this is the content to put in the file being vi\u0027d","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":252,"context_line":"    controller-0:~$"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"    controller-0:~$ vi privileged-pod.yaml"},{"line_number":255,"context_line":"    apiVersion: v1"},{"line_number":256,"context_line":"    kind: Pod"},{"line_number":257,"context_line":"    metadata:"},{"line_number":258,"context_line":"     name: privileged"},{"line_number":259,"context_line":"    spec:"},{"line_number":260,"context_line":"     containers:"},{"line_number":261,"context_line":"      - name: pause"},{"line_number":262,"context_line":"        image: k8s.gcr.io/pause"},{"line_number":263,"context_line":"        securityContext:"},{"line_number":264,"context_line":"         privileged: true"},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"    controller-0:~$ kubectl -n privileged-ns apply -f privileged-pod.yaml"},{"line_number":267,"context_line":"    pod/privileged created"}],"source_content_type":"text/x-rst","patch_set":1,"id":"02ec851c_84b7e112","line":264,"range":{"start_line":255,"start_character":0,"end_line":264,"end_character":25},"in_reply_to":"5dcc57c1_00ca480c","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":138,"context_line":""},{"line_number":139,"context_line":"    No LimitRange resource."},{"line_number":140,"context_line":""},{"line_number":141,"context_line":".. rubric:: |eg|"},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"This is how the the |PSA| security levels work."},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"-   Create a namespace for each of the 3 security policies levels: privileged,"},{"line_number":146,"context_line":"    baseline and restricted."},{"line_number":147,"context_line":""},{"line_number":148,"context_line":"-   Create a yaml file with a privileged pod configuration."},{"line_number":149,"context_line":""},{"line_number":150,"context_line":"-   Create a privileged pod in all 3 namespaces."},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"-   The pod creation will only be successful in the privileged namespace."},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"Test example:"},{"line_number":155,"context_line":""},{"line_number":156,"context_line":".. code-block:: none"},{"line_number":157,"context_line":""},{"line_number":158,"context_line":"    controller-0:~$ vi baseline-ns.yaml"},{"line_number":159,"context_line":"    apiVersion: v1"},{"line_number":160,"context_line":"    kind: Namespace"},{"line_number":161,"context_line":"    metadata:"},{"line_number":162,"context_line":"     name: baseline-ns"},{"line_number":163,"context_line":"     labels:"},{"line_number":164,"context_line":"      pod-security.kubernetes.io/enforce: baseline"},{"line_number":165,"context_line":"      pod-security.kubernetes.io/enforce-version: v1.23"},{"line_number":166,"context_line":"      pod-security.kubernetes.io/warn: baseline"},{"line_number":167,"context_line":"      pod-security.kubernetes.io/warn-version: v1.23"},{"line_number":168,"context_line":"      pod-security.kubernetes.io/audit: baseline"},{"line_number":169,"context_line":"      pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"    controller-0:~$ kubectl apply -f baseline-ns.yaml"},{"line_number":172,"context_line":"    namespace/baseline-ns created"},{"line_number":173,"context_line":"    controller-0:~$ kubectl describe namespace baseline-ns"},{"line_number":174,"context_line":"    Name:         baseline-ns"},{"line_number":175,"context_line":"    Labels:       kubernetes.io/metadata.name\u003dbaseline-ns"},{"line_number":176,"context_line":"                  pod-security.kubernetes.io/audit\u003dbaseline"},{"line_number":177,"context_line":"                  pod-security.kubernetes.io/audit-version\u003dv1.23"},{"line_number":178,"context_line":"                  pod-security.kubernetes.io/enforce\u003dbaseline"},{"line_number":179,"context_line":"                  pod-security.kubernetes.io/enforce-version\u003dv1.23"},{"line_number":180,"context_line":"                  pod-security.kubernetes.io/warn\u003dbaseline"},{"line_number":181,"context_line":"                  pod-security.kubernetes.io/warn-version\u003dv1.23"},{"line_number":182,"context_line":"    Annotations:  \u003cnone\u003e"},{"line_number":183,"context_line":"    Status:       Active"},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"    No resource quota."},{"line_number":186,"context_line":""},{"line_number":187,"context_line":"    No LimitRange resource."},{"line_number":188,"context_line":"    controller-0:~$"},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"    controller-0:~$ vi privileged-ns.yaml"},{"line_number":191,"context_line":"    apiVersion: v1"},{"line_number":192,"context_line":"    kind: Namespace"},{"line_number":193,"context_line":"    metadata:"},{"line_number":194,"context_line":"     name: privileged-ns"},{"line_number":195,"context_line":"     labels:"},{"line_number":196,"context_line":"       pod-security.kubernetes.io/enforce: privileged"},{"line_number":197,"context_line":"       pod-security.kubernetes.io/enforce-version: v1.23"},{"line_number":198,"context_line":"       pod-security.kubernetes.io/warn: privileged"},{"line_number":199,"context_line":"       pod-security.kubernetes.io/warn-version: v1.23"},{"line_number":200,"context_line":"       pod-security.kubernetes.io/audit: privileged"},{"line_number":201,"context_line":"       pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":202,"context_line":""},{"line_number":203,"context_line":"    controller-0:~$ kubectl apply -f privileged-ns.yaml"},{"line_number":204,"context_line":"    namespace/privileged-ns created"},{"line_number":205,"context_line":"    controller-0:~$ kubectl describe namespace privileged-ns"},{"line_number":206,"context_line":"    Name:         privileged-ns"},{"line_number":207,"context_line":"    Labels:       kubernetes.io/metadata.name\u003dprivileged-ns"},{"line_number":208,"context_line":"                  pod-security.kubernetes.io/audit\u003dprivileged"},{"line_number":209,"context_line":"                  pod-security.kubernetes.io/audit-version\u003dv1.23"},{"line_number":210,"context_line":"                  pod-security.kubernetes.io/enforce\u003dprivileged"},{"line_number":211,"context_line":"                  pod-security.kubernetes.io/enforce-version\u003dv1.23"},{"line_number":212,"context_line":"                  pod-security.kubernetes.io/warn\u003dprivileged"},{"line_number":213,"context_line":"                  pod-security.kubernetes.io/warn-version\u003dv1.23"},{"line_number":214,"context_line":"    Annotations:  \u003cnone\u003e"},{"line_number":215,"context_line":"    Status:       Active"},{"line_number":216,"context_line":""},{"line_number":217,"context_line":"    No resource quota."},{"line_number":218,"context_line":""},{"line_number":219,"context_line":"    No LimitRange resource."},{"line_number":220,"context_line":"    controller-0:~$"},{"line_number":221,"context_line":""},{"line_number":222,"context_line":"    controller-0:~$ vi restricted-ns.yaml"},{"line_number":223,"context_line":"    apiVersion: v1"},{"line_number":224,"context_line":"    kind: Namespace"},{"line_number":225,"context_line":"    metadata:"},{"line_number":226,"context_line":"     name: restricted-ns"},{"line_number":227,"context_line":"     labels:"},{"line_number":228,"context_line":"       pod-security.kubernetes.io/enforce: restricted"},{"line_number":229,"context_line":"       pod-security.kubernetes.io/enforce-version: v1.23"},{"line_number":230,"context_line":"       pod-security.kubernetes.io/warn: restricted"},{"line_number":231,"context_line":"       pod-security.kubernetes.io/warn-version: v1.23"},{"line_number":232,"context_line":"       pod-security.kubernetes.io/audit: restricted"},{"line_number":233,"context_line":"       pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":234,"context_line":""},{"line_number":235,"context_line":"    controller-0:~$ kubectl apply -f restricted-ns.yaml"},{"line_number":236,"context_line":"    namespace/restricted-ns created"},{"line_number":237,"context_line":"    controller-0:~$ kubectl describe namespace restricted-ns"},{"line_number":238,"context_line":"    Name:         restricted-ns"},{"line_number":239,"context_line":"    Labels:       kubernetes.io/metadata.name\u003drestricted-ns"},{"line_number":240,"context_line":"                  pod-security.kubernetes.io/audit\u003drestricted"},{"line_number":241,"context_line":"                  pod-security.kubernetes.io/audit-version\u003dv1.23"},{"line_number":242,"context_line":"                  pod-security.kubernetes.io/enforce\u003drestricted"},{"line_number":243,"context_line":"                  pod-security.kubernetes.io/enforce-version\u003dv1.23"},{"line_number":244,"context_line":"                  pod-security.kubernetes.io/warn\u003drestricted"},{"line_number":245,"context_line":"                  pod-security.kubernetes.io/warn-version\u003dv1.23"},{"line_number":246,"context_line":"    Annotations:  \u003cnone\u003e"},{"line_number":247,"context_line":"    Status:       Active"},{"line_number":248,"context_line":""},{"line_number":249,"context_line":"    No resource quota."},{"line_number":250,"context_line":""},{"line_number":251,"context_line":"    No LimitRange resource."},{"line_number":252,"context_line":"    controller-0:~$"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"    controller-0:~$ vi privileged-pod.yaml"},{"line_number":255,"context_line":"    apiVersion: v1"},{"line_number":256,"context_line":"    kind: Pod"},{"line_number":257,"context_line":"    metadata:"},{"line_number":258,"context_line":"     name: privileged"},{"line_number":259,"context_line":"    spec:"},{"line_number":260,"context_line":"     containers:"},{"line_number":261,"context_line":"      - name: pause"},{"line_number":262,"context_line":"        image: k8s.gcr.io/pause"},{"line_number":263,"context_line":"        securityContext:"},{"line_number":264,"context_line":"         privileged: true"},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"    controller-0:~$ kubectl -n privileged-ns apply -f privileged-pod.yaml"},{"line_number":267,"context_line":"    pod/privileged created"},{"line_number":268,"context_line":""},{"line_number":269,"context_line":"    controller-0:~$ kubectl -n baseline-ns apply -f privileged-pod.yaml"},{"line_number":270,"context_line":"    Error from server (Failure): error when creating \"privileged-pod.yaml\": privileged (container \"pause\" must not set securityContext.privileged\u003dtrue)"},{"line_number":271,"context_line":""},{"line_number":272,"context_line":"    controller-0:~$ kubectl -n restricted-ns apply -f privileged-pod.yaml"},{"line_number":273,"context_line":"    Error from server (Failure): error when creating \"privileged-pod.yaml\": privileged (container \"pause\" must not set securityContext.privileged\u003dtrue), allowPrivilegeEscalation !\u003d false (container \"pause\" must set securityContext.allowPrivilegeEscalation\u003dfalse), unrestricted capabilities (container \"pause\" must set securityContext.capabilities.drop\u003d[\"ALL\"]), runAsNonRoot !\u003d true (pod or container \"pause\" must set securityContext.runAsNonRoot\u003dtrue), seccompProfile (pod or container \"pause\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"},{"line_number":274,"context_line":"    controller-0:~$"},{"line_number":275,"context_line":""},{"line_number":276,"context_line":"For more information refer to"},{"line_number":277,"context_line":"`https://kubernetes.io/docs/concepts/security/pod-security-admission/"},{"line_number":278,"context_line":"\u003chttps://kubernetes.io/docs/concepts/security/pod-security-admission/\u003e`__."}],"source_content_type":"text/x-rst","patch_set":1,"id":"b4045d49_4d366b8a","line":278,"range":{"start_line":141,"start_character":1,"end_line":278,"end_character":74},"updated":"2022-06-24 12:44:34.000000000","message":"based on current page organization,\nthis should be on a separate page.","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":138,"context_line":""},{"line_number":139,"context_line":"    No LimitRange resource."},{"line_number":140,"context_line":""},{"line_number":141,"context_line":".. rubric:: |eg|"},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"This is how the the |PSA| security levels work."},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"-   Create a namespace for each of the 3 security policies levels: privileged,"},{"line_number":146,"context_line":"    baseline and restricted."},{"line_number":147,"context_line":""},{"line_number":148,"context_line":"-   Create a yaml file with a privileged pod configuration."},{"line_number":149,"context_line":""},{"line_number":150,"context_line":"-   Create a privileged pod in all 3 namespaces."},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"-   The pod creation will only be successful in the privileged namespace."},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"Test example:"},{"line_number":155,"context_line":""},{"line_number":156,"context_line":".. code-block:: none"},{"line_number":157,"context_line":""},{"line_number":158,"context_line":"    controller-0:~$ vi baseline-ns.yaml"},{"line_number":159,"context_line":"    apiVersion: v1"},{"line_number":160,"context_line":"    kind: Namespace"},{"line_number":161,"context_line":"    metadata:"},{"line_number":162,"context_line":"     name: baseline-ns"},{"line_number":163,"context_line":"     labels:"},{"line_number":164,"context_line":"      pod-security.kubernetes.io/enforce: baseline"},{"line_number":165,"context_line":"      pod-security.kubernetes.io/enforce-version: v1.23"},{"line_number":166,"context_line":"      pod-security.kubernetes.io/warn: baseline"},{"line_number":167,"context_line":"      pod-security.kubernetes.io/warn-version: v1.23"},{"line_number":168,"context_line":"      pod-security.kubernetes.io/audit: baseline"},{"line_number":169,"context_line":"      pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"    controller-0:~$ kubectl apply -f baseline-ns.yaml"},{"line_number":172,"context_line":"    namespace/baseline-ns created"},{"line_number":173,"context_line":"    controller-0:~$ kubectl describe namespace baseline-ns"},{"line_number":174,"context_line":"    Name:         baseline-ns"},{"line_number":175,"context_line":"    Labels:       kubernetes.io/metadata.name\u003dbaseline-ns"},{"line_number":176,"context_line":"                  pod-security.kubernetes.io/audit\u003dbaseline"},{"line_number":177,"context_line":"                  pod-security.kubernetes.io/audit-version\u003dv1.23"},{"line_number":178,"context_line":"                  pod-security.kubernetes.io/enforce\u003dbaseline"},{"line_number":179,"context_line":"                  pod-security.kubernetes.io/enforce-version\u003dv1.23"},{"line_number":180,"context_line":"                  pod-security.kubernetes.io/warn\u003dbaseline"},{"line_number":181,"context_line":"                  pod-security.kubernetes.io/warn-version\u003dv1.23"},{"line_number":182,"context_line":"    Annotations:  \u003cnone\u003e"},{"line_number":183,"context_line":"    Status:       Active"},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"    No resource quota."},{"line_number":186,"context_line":""},{"line_number":187,"context_line":"    No LimitRange resource."},{"line_number":188,"context_line":"    controller-0:~$"},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"    controller-0:~$ vi privileged-ns.yaml"},{"line_number":191,"context_line":"    apiVersion: v1"},{"line_number":192,"context_line":"    kind: Namespace"},{"line_number":193,"context_line":"    metadata:"},{"line_number":194,"context_line":"     name: privileged-ns"},{"line_number":195,"context_line":"     labels:"},{"line_number":196,"context_line":"       pod-security.kubernetes.io/enforce: privileged"},{"line_number":197,"context_line":"       pod-security.kubernetes.io/enforce-version: v1.23"},{"line_number":198,"context_line":"       pod-security.kubernetes.io/warn: privileged"},{"line_number":199,"context_line":"       pod-security.kubernetes.io/warn-version: v1.23"},{"line_number":200,"context_line":"       pod-security.kubernetes.io/audit: privileged"},{"line_number":201,"context_line":"       pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":202,"context_line":""},{"line_number":203,"context_line":"    controller-0:~$ kubectl apply -f privileged-ns.yaml"},{"line_number":204,"context_line":"    namespace/privileged-ns created"},{"line_number":205,"context_line":"    controller-0:~$ kubectl describe namespace privileged-ns"},{"line_number":206,"context_line":"    Name:         privileged-ns"},{"line_number":207,"context_line":"    Labels:       kubernetes.io/metadata.name\u003dprivileged-ns"},{"line_number":208,"context_line":"                  pod-security.kubernetes.io/audit\u003dprivileged"},{"line_number":209,"context_line":"                  pod-security.kubernetes.io/audit-version\u003dv1.23"},{"line_number":210,"context_line":"                  pod-security.kubernetes.io/enforce\u003dprivileged"},{"line_number":211,"context_line":"                  pod-security.kubernetes.io/enforce-version\u003dv1.23"},{"line_number":212,"context_line":"                  pod-security.kubernetes.io/warn\u003dprivileged"},{"line_number":213,"context_line":"                  pod-security.kubernetes.io/warn-version\u003dv1.23"},{"line_number":214,"context_line":"    Annotations:  \u003cnone\u003e"},{"line_number":215,"context_line":"    Status:       Active"},{"line_number":216,"context_line":""},{"line_number":217,"context_line":"    No resource quota."},{"line_number":218,"context_line":""},{"line_number":219,"context_line":"    No LimitRange resource."},{"line_number":220,"context_line":"    controller-0:~$"},{"line_number":221,"context_line":""},{"line_number":222,"context_line":"    controller-0:~$ vi restricted-ns.yaml"},{"line_number":223,"context_line":"    apiVersion: v1"},{"line_number":224,"context_line":"    kind: Namespace"},{"line_number":225,"context_line":"    metadata:"},{"line_number":226,"context_line":"     name: restricted-ns"},{"line_number":227,"context_line":"     labels:"},{"line_number":228,"context_line":"       pod-security.kubernetes.io/enforce: restricted"},{"line_number":229,"context_line":"       pod-security.kubernetes.io/enforce-version: v1.23"},{"line_number":230,"context_line":"       pod-security.kubernetes.io/warn: restricted"},{"line_number":231,"context_line":"       pod-security.kubernetes.io/warn-version: v1.23"},{"line_number":232,"context_line":"       pod-security.kubernetes.io/audit: restricted"},{"line_number":233,"context_line":"       pod-security.kubernetes.io/audit-version: v1.23"},{"line_number":234,"context_line":""},{"line_number":235,"context_line":"    controller-0:~$ kubectl apply -f restricted-ns.yaml"},{"line_number":236,"context_line":"    namespace/restricted-ns created"},{"line_number":237,"context_line":"    controller-0:~$ kubectl describe namespace restricted-ns"},{"line_number":238,"context_line":"    Name:         restricted-ns"},{"line_number":239,"context_line":"    Labels:       kubernetes.io/metadata.name\u003drestricted-ns"},{"line_number":240,"context_line":"                  pod-security.kubernetes.io/audit\u003drestricted"},{"line_number":241,"context_line":"                  pod-security.kubernetes.io/audit-version\u003dv1.23"},{"line_number":242,"context_line":"                  pod-security.kubernetes.io/enforce\u003drestricted"},{"line_number":243,"context_line":"                  pod-security.kubernetes.io/enforce-version\u003dv1.23"},{"line_number":244,"context_line":"                  pod-security.kubernetes.io/warn\u003drestricted"},{"line_number":245,"context_line":"                  pod-security.kubernetes.io/warn-version\u003dv1.23"},{"line_number":246,"context_line":"    Annotations:  \u003cnone\u003e"},{"line_number":247,"context_line":"    Status:       Active"},{"line_number":248,"context_line":""},{"line_number":249,"context_line":"    No resource quota."},{"line_number":250,"context_line":""},{"line_number":251,"context_line":"    No LimitRange resource."},{"line_number":252,"context_line":"    controller-0:~$"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"    controller-0:~$ vi privileged-pod.yaml"},{"line_number":255,"context_line":"    apiVersion: v1"},{"line_number":256,"context_line":"    kind: Pod"},{"line_number":257,"context_line":"    metadata:"},{"line_number":258,"context_line":"     name: privileged"},{"line_number":259,"context_line":"    spec:"},{"line_number":260,"context_line":"     containers:"},{"line_number":261,"context_line":"      - name: pause"},{"line_number":262,"context_line":"        image: k8s.gcr.io/pause"},{"line_number":263,"context_line":"        securityContext:"},{"line_number":264,"context_line":"         privileged: true"},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"    controller-0:~$ kubectl -n privileged-ns apply -f privileged-pod.yaml"},{"line_number":267,"context_line":"    pod/privileged created"},{"line_number":268,"context_line":""},{"line_number":269,"context_line":"    controller-0:~$ kubectl -n baseline-ns apply -f privileged-pod.yaml"},{"line_number":270,"context_line":"    Error from server (Failure): error when creating \"privileged-pod.yaml\": privileged (container \"pause\" must not set securityContext.privileged\u003dtrue)"},{"line_number":271,"context_line":""},{"line_number":272,"context_line":"    controller-0:~$ kubectl -n restricted-ns apply -f privileged-pod.yaml"},{"line_number":273,"context_line":"    Error from server (Failure): error when creating \"privileged-pod.yaml\": privileged (container \"pause\" must not set securityContext.privileged\u003dtrue), allowPrivilegeEscalation !\u003d false (container \"pause\" must set securityContext.allowPrivilegeEscalation\u003dfalse), unrestricted capabilities (container \"pause\" must set securityContext.capabilities.drop\u003d[\"ALL\"]), runAsNonRoot !\u003d true (pod or container \"pause\" must set securityContext.runAsNonRoot\u003dtrue), seccompProfile (pod or container \"pause\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"},{"line_number":274,"context_line":"    controller-0:~$"},{"line_number":275,"context_line":""},{"line_number":276,"context_line":"For more information refer to"},{"line_number":277,"context_line":"`https://kubernetes.io/docs/concepts/security/pod-security-admission/"},{"line_number":278,"context_line":"\u003chttps://kubernetes.io/docs/concepts/security/pod-security-admission/\u003e`__."}],"source_content_type":"text/x-rst","patch_set":1,"id":"376eaaac_9c4d5f9d","line":278,"range":{"start_line":141,"start_character":1,"end_line":278,"end_character":74},"in_reply_to":"b4045d49_4d366b8a","updated":"2022-06-24 17:04:22.000000000","message":"Combined 3 sections in 1 as suggested.","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"}],"doc/source/security/kubernetes/enable-pod-security-admission-04eb0c08e042.rst":[{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Technology Preview - Enable Pod Security Admission"},{"line_number":5,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"To enable |PSA|, PodSecurity feature gate must be enabled."},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Starting with Kubernetes 1.23 version, PodSecurity feature gate is enabled by"},{"line_number":10,"context_line":"default."}],"source_content_type":"text/x-rst","patch_set":1,"id":"843105b4_0b0d9cb8","line":7,"range":{"start_line":7,"start_character":10,"end_line":7,"end_character":15},"updated":"2022-06-24 12:44:34.000000000","message":"rendered as PSP","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Technology Preview - Enable Pod Security Admission"},{"line_number":5,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"To enable |PSA|, PodSecurity feature gate must be enabled."},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Starting with Kubernetes 1.23 version, PodSecurity feature gate is enabled by"},{"line_number":10,"context_line":"default."}],"source_content_type":"text/x-rst","patch_set":1,"id":"6c18fbb2_cfead052","line":7,"range":{"start_line":7,"start_character":10,"end_line":7,"end_character":15},"in_reply_to":"843105b4_0b0d9cb8","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":16,"context_line":".. code-block:: none"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"    kubernetes_version: 1.22.5"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"    feature-gates: \"TTLAfterFinished\u003dtrue,HugePageStorageMediumSize\u003dtrue,RemoveSelfLink\u003dfalse,"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"    MemoryManager\u003dtrue,PodSecurity\u003dtrue\""},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"    enable-admission-plugins: \"NodeRestriction,PodSecurity\""}],"source_content_type":"text/x-rst","patch_set":1,"id":"2623e694_1fe72604","line":22,"range":{"start_line":19,"start_character":0,"end_line":22,"end_character":40},"updated":"2022-06-24 12:44:34.000000000","message":"this should be on one line","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":16,"context_line":".. code-block:: none"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"    kubernetes_version: 1.22.5"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"    feature-gates: \"TTLAfterFinished\u003dtrue,HugePageStorageMediumSize\u003dtrue,RemoveSelfLink\u003dfalse,"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"    MemoryManager\u003dtrue,PodSecurity\u003dtrue\""},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"    enable-admission-plugins: \"NodeRestriction,PodSecurity\""}],"source_content_type":"text/x-rst","patch_set":1,"id":"305a5356_e8a8f998","line":22,"range":{"start_line":19,"start_character":0,"end_line":22,"end_character":40},"in_reply_to":"2623e694_1fe72604","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"    MemoryManager\u003dtrue,PodSecurity\u003dtrue\""},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"    enable-admission-plugins: \"NodeRestriction,PodSecurity\""}],"source_content_type":"text/x-rst","patch_set":1,"id":"9db251dd_3cce5989","line":24,"range":{"start_line":24,"start_character":0,"end_line":24,"end_character":59},"updated":"2022-06-24 12:44:34.000000000","message":"This should be REMOVED ... this enables PSP, not PSA","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"    MemoryManager\u003dtrue,PodSecurity\u003dtrue\""},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"    enable-admission-plugins: \"NodeRestriction,PodSecurity\""}],"source_content_type":"text/x-rst","patch_set":1,"id":"33a0d7c9_bb2a2473","line":24,"range":{"start_line":24,"start_character":0,"end_line":24,"end_character":59},"in_reply_to":"9db251dd_3cce5989","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"2c050db7_dfa79663","line":25,"range":{"start_line":18,"start_character":1,"end_line":25,"end_character":0},"updated":"2022-06-24 12:44:34.000000000","message":"Overall ... shouldn\u0027t the update to bootstrap overrides file, localhost.yml, for configuring the feature gate be:\n\n   apiserver_extra_args:\n     feature-gates: \"SCTPSupport\u003dtrue,TTLAfterFinished\u003dtrue,HugePageStorageMediumSize\u003dtrue,RemoveSelfLink\u003dfalse,MemoryManager\u003dtrue,PodSecurity\u003dtrue\"\n     \n     \nShould also add a reference to doc/source/system_configuration/kubernetes/kubernetes-custom-configuration-31c1fd41857d.rst  for more details on kubernetes configuration.","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"8e586035_858c08fe","line":25,"range":{"start_line":18,"start_character":1,"end_line":25,"end_character":0},"in_reply_to":"2c050db7_dfa79663","updated":"2022-06-24 17:04:22.000000000","message":"Which one should I consider?","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"1bf099eedf3b7c67c7ed17b47c6237561f24a91a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"ce825a37_63668fbc","line":25,"range":{"start_line":18,"start_character":1,"end_line":25,"end_character":0},"in_reply_to":"8e586035_858c08fe","updated":"2022-06-24 18:25:11.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"}],"doc/source/security/kubernetes/index-security-kub-81153c1254c3.rst":[{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":49,"context_line":"   disable-pod-security-policy-checking"},{"line_number":50,"context_line":"   assign-pod-security-policies"},{"line_number":51,"context_line":"   resource-management"},{"line_number":52,"context_line":"   pod-security-admission-controller-8e9e6994100f"},{"line_number":53,"context_line":"   enable-pod-security-admission-04eb0c08e042"},{"line_number":54,"context_line":"   configure-defaults-for-the-pod-security-admission-controller-525590d11815"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":".. _user-authentication-using-windows-active-directory-security-index:"},{"line_number":57,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"b124c9b6_80cb5a4b","line":54,"range":{"start_line":52,"start_character":0,"end_line":54,"end_character":76},"updated":"2022-06-24 12:44:34.000000000","message":"This looks a little weird that we have so many pages on the PSA Tech Preview ... and i suggested another page based on current paging of major PSA topics.\n\nI almost wonder if it would be better to consolidate all 4x PSA pages into one and use major headings for what we now have as pages.","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":49,"context_line":"   disable-pod-security-policy-checking"},{"line_number":50,"context_line":"   assign-pod-security-policies"},{"line_number":51,"context_line":"   resource-management"},{"line_number":52,"context_line":"   pod-security-admission-controller-8e9e6994100f"},{"line_number":53,"context_line":"   enable-pod-security-admission-04eb0c08e042"},{"line_number":54,"context_line":"   configure-defaults-for-the-pod-security-admission-controller-525590d11815"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":".. _user-authentication-using-windows-active-directory-security-index:"},{"line_number":57,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"40361ca5_39668dc2","line":54,"range":{"start_line":52,"start_character":0,"end_line":54,"end_character":76},"in_reply_to":"b124c9b6_80cb5a4b","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"}],"doc/source/security/kubernetes/pod-security-admission-controller-8e9e6994100f.rst":[{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":5,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Pod Security Admission (PSA) Controller is the |PSP| replacement, and this"},{"line_number":8,"context_line":"document is a technical preview of the functionality to come."},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"|PSA| controller acts on creation and modification of the pod and determines if"},{"line_number":11,"context_line":"it should be admitted based on the requested security context and the policies"}],"source_content_type":"text/x-rst","patch_set":1,"id":"39e83ca9_65dcdca7","line":8,"range":{"start_line":8,"start_character":9,"end_line":8,"end_character":61},"updated":"2022-06-24 12:44:34.000000000","message":"describes the technical preview of PSA functionality which is \u0027beta\u0027 quality in K8S v1.23 .","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":5,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Pod Security Admission (PSA) Controller is the |PSP| replacement, and this"},{"line_number":8,"context_line":"document is a technical preview of the functionality to come."},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"|PSA| controller acts on creation and modification of the pod and determines if"},{"line_number":11,"context_line":"it should be admitted based on the requested security context and the policies"}],"source_content_type":"text/x-rst","patch_set":1,"id":"4df70adf_c8526e70","line":8,"range":{"start_line":8,"start_character":9,"end_line":8,"end_character":61},"in_reply_to":"39e83ca9_65dcdca7","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Pod Security Admission (PSA) Controller is the |PSP| replacement, and this"},{"line_number":8,"context_line":"document is a technical preview of the functionality to come."},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"|PSA| controller acts on creation and modification of the pod and determines if"},{"line_number":11,"context_line":"it should be admitted based on the requested security context and the policies"},{"line_number":12,"context_line":"defined by Pod Security Standards."},{"line_number":13,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"92ae6544_3accf933","line":10,"range":{"start_line":10,"start_character":0,"end_line":10,"end_character":17},"updated":"2022-06-24 12:44:34.000000000","message":"The |PSA| admission controller","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Pod Security Admission (PSA) Controller is the |PSP| replacement, and this"},{"line_number":8,"context_line":"document is a technical preview of the functionality to come."},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"|PSA| controller acts on creation and modification of the pod and determines if"},{"line_number":11,"context_line":"it should be admitted based on the requested security context and the policies"},{"line_number":12,"context_line":"defined by Pod Security Standards."},{"line_number":13,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"2d48fe8c_727831a2","line":10,"range":{"start_line":10,"start_character":0,"end_line":10,"end_character":5},"updated":"2022-06-24 12:44:34.000000000","message":"|PSA| gets rendered as \u0027PSP\u0027 ?","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":7,"context_line":"Pod Security Admission (PSA) Controller is the |PSP| replacement, and this"},{"line_number":8,"context_line":"document is a technical preview of the functionality to come."},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"|PSA| controller acts on creation and modification of the pod and determines if"},{"line_number":11,"context_line":"it should be admitted based on the requested security context and the policies"},{"line_number":12,"context_line":"defined by Pod Security Standards."},{"line_number":13,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"9486bdd7_7b12c00b","line":10,"range":{"start_line":10,"start_character":0,"end_line":10,"end_character":5},"in_reply_to":"2d48fe8c_727831a2","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":7,"context_line":"Pod Security Admission (PSA) Controller is the |PSP| replacement, and this"},{"line_number":8,"context_line":"document is a technical preview of the functionality to come."},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"|PSA| controller acts on creation and modification of the pod and determines if"},{"line_number":11,"context_line":"it should be admitted based on the requested security context and the policies"},{"line_number":12,"context_line":"defined by Pod Security Standards."},{"line_number":13,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"cf60d8b6_03aee885","line":10,"range":{"start_line":10,"start_character":0,"end_line":10,"end_character":17},"in_reply_to":"92ae6544_3accf933","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":29,"context_line":"    It is targeted at operators and developers of security-critical"},{"line_number":30,"context_line":"    applications, as well as lower-trust users."},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"-------------------"},{"line_number":33,"context_line":"Pod Security levels"},{"line_number":34,"context_line":"-------------------"},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"Pod Security Admission levels refer to the 3 policies defined by the Pod"},{"line_number":37,"context_line":"Security Standards: privileged, baseline, and restricted."},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"--------------------------------------------"},{"line_number":40,"context_line":"Pod Security Admission labels for namespaces"}],"source_content_type":"text/x-rst","patch_set":1,"id":"93a18a04_812ab631","line":37,"range":{"start_line":32,"start_character":0,"end_line":37,"end_character":57},"updated":"2022-06-24 12:44:34.000000000","message":"shouldn\u0027t this be at line 13 ... seems kind of odd that you have it here.","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":29,"context_line":"    It is targeted at operators and developers of security-critical"},{"line_number":30,"context_line":"    applications, as well as lower-trust users."},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"-------------------"},{"line_number":33,"context_line":"Pod Security levels"},{"line_number":34,"context_line":"-------------------"},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"Pod Security Admission levels refer to the 3 policies defined by the Pod"},{"line_number":37,"context_line":"Security Standards: privileged, baseline, and restricted."},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"--------------------------------------------"},{"line_number":40,"context_line":"Pod Security Admission labels for namespaces"}],"source_content_type":"text/x-rst","patch_set":1,"id":"79591848_6b526594","line":37,"range":{"start_line":32,"start_character":0,"end_line":37,"end_character":57},"in_reply_to":"93a18a04_812ab631","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":42,"context_line":""},{"line_number":43,"context_line":"Pod security restrictions are applied at the namespace level."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"With |PSA| feature enabled, namespaces can be created and configured to define"},{"line_number":46,"context_line":"the admission control mode to be used for pod security in each namespace."},{"line_number":47,"context_line":"Kubernetes defines a set of labels to set predefined Pod Security levels for a"},{"line_number":48,"context_line":"namespace. The label will define what action the controller control plane takes"}],"source_content_type":"text/x-rst","patch_set":1,"id":"f5911da3_2f504548","line":45,"range":{"start_line":45,"start_character":5,"end_line":45,"end_character":10},"updated":"2022-06-24 12:44:34.000000000","message":"again ... gets rendered as PSP, instead of PSA","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":42,"context_line":""},{"line_number":43,"context_line":"Pod security restrictions are applied at the namespace level."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"With |PSA| feature enabled, namespaces can be created and configured to define"},{"line_number":46,"context_line":"the admission control mode to be used for pod security in each namespace."},{"line_number":47,"context_line":"Kubernetes defines a set of labels to set predefined Pod Security levels for a"},{"line_number":48,"context_line":"namespace. The label will define what action the controller control plane takes"}],"source_content_type":"text/x-rst","patch_set":1,"id":"a229e67f_a628af4a","line":45,"range":{"start_line":45,"start_character":5,"end_line":45,"end_character":10},"in_reply_to":"f5911da3_2f504548","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":56,"context_line":""},{"line_number":57,"context_line":"audit"},{"line_number":58,"context_line":"    Policy violations will trigger the addition of an audit annotation to the"},{"line_number":59,"context_line":"    event recorded in the audit log but are otherwise allowed."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"warn"},{"line_number":62,"context_line":"    Policy violations will trigger a user-facing warning but are otherwise"}],"source_content_type":"text/x-rst","patch_set":1,"id":"373d955b_7f2c81a5","line":59,"range":{"start_line":59,"start_character":26,"end_line":59,"end_character":32},"updated":"2022-06-24 12:44:34.000000000","message":"K8S audit","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":56,"context_line":""},{"line_number":57,"context_line":"audit"},{"line_number":58,"context_line":"    Policy violations will trigger the addition of an audit annotation to the"},{"line_number":59,"context_line":"    event recorded in the audit log but are otherwise allowed."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"warn"},{"line_number":62,"context_line":"    Policy violations will trigger a user-facing warning but are otherwise"}],"source_content_type":"text/x-rst","patch_set":1,"id":"27705ebe_0283f020","line":59,"range":{"start_line":59,"start_character":26,"end_line":59,"end_character":32},"in_reply_to":"373d955b_7f2c81a5","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"91df58d813793d663178621b7c89eebf0865fff0","unresolved":true,"context_lines":[{"line_number":19,"context_line":"Pod Security Admission levels refer to the 3 policies defined by the Pod"},{"line_number":20,"context_line":"Security Standards: privileged, baseline, and restricted."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Pod Security Standards define three different policies to cover the security"},{"line_number":23,"context_line":"spectrum. These policies are:"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"Privileged"},{"line_number":26,"context_line":"    Unrestricted policy, providing the widest possible level of permissions."}],"source_content_type":"text/x-rst","patch_set":2,"id":"e89ef487_aa0d5c91","line":23,"range":{"start_line":22,"start_character":0,"end_line":23,"end_character":29},"updated":"2022-06-24 18:05:26.000000000","message":"REMOVE","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"1bf099eedf3b7c67c7ed17b47c6237561f24a91a","unresolved":false,"context_lines":[{"line_number":19,"context_line":"Pod Security Admission levels refer to the 3 policies defined by the Pod"},{"line_number":20,"context_line":"Security Standards: privileged, baseline, and restricted."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Pod Security Standards define three different policies to cover the security"},{"line_number":23,"context_line":"spectrum. These policies are:"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"Privileged"},{"line_number":26,"context_line":"    Unrestricted policy, providing the widest possible level of permissions."}],"source_content_type":"text/x-rst","patch_set":2,"id":"5456854d_1f1e55a1","line":23,"range":{"start_line":22,"start_character":0,"end_line":23,"end_character":29},"in_reply_to":"e89ef487_aa0d5c91","updated":"2022-06-24 18:25:11.000000000","message":"Done","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"91df58d813793d663178621b7c89eebf0865fff0","unresolved":true,"context_lines":[{"line_number":43,"context_line":""},{"line_number":44,"context_line":"Pod security restrictions are applied at the namespace level."},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"With |PSA| feature enabled, namespaces can be created and configured to define"},{"line_number":47,"context_line":"the admission control mode to be used for pod security in each namespace."},{"line_number":48,"context_line":"Kubernetes defines a set of labels to set predefined Pod Security levels for a"},{"line_number":49,"context_line":"namespace. The label will define what action the controller control plane takes"}],"source_content_type":"text/x-rst","patch_set":2,"id":"11ca8566_061170d0","line":46,"range":{"start_line":46,"start_character":46,"end_line":46,"end_character":57},"updated":"2022-06-24 18:05:26.000000000","message":"REMOVE   (reads better without it)","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"1bf099eedf3b7c67c7ed17b47c6237561f24a91a","unresolved":false,"context_lines":[{"line_number":43,"context_line":""},{"line_number":44,"context_line":"Pod security restrictions are applied at the namespace level."},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"With |PSA| feature enabled, namespaces can be created and configured to define"},{"line_number":47,"context_line":"the admission control mode to be used for pod security in each namespace."},{"line_number":48,"context_line":"Kubernetes defines a set of labels to set predefined Pod Security levels for a"},{"line_number":49,"context_line":"namespace. The label will define what action the controller control plane takes"}],"source_content_type":"text/x-rst","patch_set":2,"id":"72250b51_bb33f8c5","line":46,"range":{"start_line":46,"start_character":46,"end_line":46,"end_character":57},"in_reply_to":"11ca8566_061170d0","updated":"2022-06-24 18:25:11.000000000","message":"Done","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"91df58d813793d663178621b7c89eebf0865fff0","unresolved":true,"context_lines":[{"line_number":95,"context_line":"Starting with Kubernetes 1.23 version, PodSecurity feature gate is enabled by"},{"line_number":96,"context_line":"default."},{"line_number":97,"context_line":""},{"line_number":98,"context_line":"For Kuberneted version 1.22, PodSecurity feature gate can be enabled using"},{"line_number":99,"context_line":"option ``feature-gates`` in bootstrap overrides file, ``localhost.yml``. As the"},{"line_number":100,"context_line":"example shown below:"},{"line_number":101,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1d6e87b2_caac59a5","line":98,"range":{"start_line":98,"start_character":4,"end_line":98,"end_character":15},"updated":"2022-06-24 18:05:26.000000000","message":"typo","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"1bf099eedf3b7c67c7ed17b47c6237561f24a91a","unresolved":false,"context_lines":[{"line_number":95,"context_line":"Starting with Kubernetes 1.23 version, PodSecurity feature gate is enabled by"},{"line_number":96,"context_line":"default."},{"line_number":97,"context_line":""},{"line_number":98,"context_line":"For Kuberneted version 1.22, PodSecurity feature gate can be enabled using"},{"line_number":99,"context_line":"option ``feature-gates`` in bootstrap overrides file, ``localhost.yml``. As the"},{"line_number":100,"context_line":"example shown below:"},{"line_number":101,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"e4e6bde0_0547976b","line":98,"range":{"start_line":98,"start_character":4,"end_line":98,"end_character":15},"in_reply_to":"1d6e87b2_caac59a5","updated":"2022-06-24 18:25:11.000000000","message":"Done","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"91df58d813793d663178621b7c89eebf0865fff0","unresolved":true,"context_lines":[{"line_number":101,"context_line":""},{"line_number":102,"context_line":".. code-block:: none"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"    kubernetes_version: 1.22.5 feature-gates: \"TTLAfterFinished\u003dtrue,HugePageStorageMediumSize\u003dtrue,RemoveSelfLink\u003dfalse, MemoryManager\u003dtrue,PodSecurity\u003dtrue\""},{"line_number":105,"context_line":""},{"line_number":106,"context_line":"See :ref:`Kubernetes Custom Configuration"},{"line_number":107,"context_line":"\u003ckubernetes-custom-configuration-31c1fd41857d\u003e` for more details on kubernetes"}],"source_content_type":"text/x-rst","patch_set":2,"id":"d4cb3e65_eef17d42","line":104,"range":{"start_line":104,"start_character":0,"end_line":104,"end_character":158},"updated":"2022-06-24 18:05:26.000000000","message":"SHOULD BE:\n\n   apiserver_extra_args:\n     feature-gates: \"SCTPSupport\u003dtrue,TTLAfterFinished\u003dtrue,HugePageStorageMediumSize\u003dtrue,RemoveSelfLink\u003dfalse,MemoryManager\u003dtrue,PodSecurity\u003dtrue\"","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"1bf099eedf3b7c67c7ed17b47c6237561f24a91a","unresolved":false,"context_lines":[{"line_number":101,"context_line":""},{"line_number":102,"context_line":".. code-block:: none"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"    kubernetes_version: 1.22.5 feature-gates: \"TTLAfterFinished\u003dtrue,HugePageStorageMediumSize\u003dtrue,RemoveSelfLink\u003dfalse, MemoryManager\u003dtrue,PodSecurity\u003dtrue\""},{"line_number":105,"context_line":""},{"line_number":106,"context_line":"See :ref:`Kubernetes Custom Configuration"},{"line_number":107,"context_line":"\u003ckubernetes-custom-configuration-31c1fd41857d\u003e` for more details on kubernetes"}],"source_content_type":"text/x-rst","patch_set":2,"id":"0d78b7c2_d9ffd50a","line":104,"range":{"start_line":104,"start_character":0,"end_line":104,"end_character":158},"in_reply_to":"d4cb3e65_eef17d42","updated":"2022-06-24 18:25:11.000000000","message":"Done","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"91df58d813793d663178621b7c89eebf0865fff0","unresolved":true,"context_lines":[{"line_number":124,"context_line":"the namespace will follow the default |PSA| labels\u0027 level, mode and version"},{"line_number":125,"context_line":"configuration set with PodSecurity plugin of the AdmissionConfiguration"},{"line_number":126,"context_line":"resource."},{"line_number":127,"context_line":""},{"line_number":128,"context_line":"-----------------------------"},{"line_number":129,"context_line":"How to configure PSA defaults"},{"line_number":130,"context_line":"-----------------------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"dfb321fd_5dceddcf","line":127,"updated":"2022-06-24 18:05:26.000000000","message":"ADD separate paragraph:\n\nAny policy that is applied via namespace labels will take precedence.","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"1bf099eedf3b7c67c7ed17b47c6237561f24a91a","unresolved":false,"context_lines":[{"line_number":124,"context_line":"the namespace will follow the default |PSA| labels\u0027 level, mode and version"},{"line_number":125,"context_line":"configuration set with PodSecurity plugin of the AdmissionConfiguration"},{"line_number":126,"context_line":"resource."},{"line_number":127,"context_line":""},{"line_number":128,"context_line":"-----------------------------"},{"line_number":129,"context_line":"How to configure PSA defaults"},{"line_number":130,"context_line":"-----------------------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"e14b00f4_1ece2fec","line":127,"in_reply_to":"dfb321fd_5dceddcf","updated":"2022-06-24 18:25:11.000000000","message":"Done","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"91df58d813793d663178621b7c89eebf0865fff0","unresolved":true,"context_lines":[{"line_number":125,"context_line":"configuration set with PodSecurity plugin of the AdmissionConfiguration"},{"line_number":126,"context_line":"resource."},{"line_number":127,"context_line":""},{"line_number":128,"context_line":"-----------------------------"},{"line_number":129,"context_line":"How to configure PSA defaults"},{"line_number":130,"context_line":"-----------------------------"},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"Configure PodSecurity plugin of AdmissionConfiguration"},{"line_number":133,"context_line":"------------------------------------------------------"},{"line_number":134,"context_line":""},{"line_number":135,"context_line":"To configure ``cluster-wide`` policies PodSecurity plugin of the"},{"line_number":136,"context_line":"AdmissionConfiguration resource can be used. The AdmissionConfiguration"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9f0643e2_e4b66c36","line":133,"range":{"start_line":128,"start_character":0,"end_line":133,"end_character":54},"updated":"2022-06-24 18:05:26.000000000","message":"REMOVE","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"1bf099eedf3b7c67c7ed17b47c6237561f24a91a","unresolved":false,"context_lines":[{"line_number":125,"context_line":"configuration set with PodSecurity plugin of the AdmissionConfiguration"},{"line_number":126,"context_line":"resource."},{"line_number":127,"context_line":""},{"line_number":128,"context_line":"-----------------------------"},{"line_number":129,"context_line":"How to configure PSA defaults"},{"line_number":130,"context_line":"-----------------------------"},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"Configure PodSecurity plugin of AdmissionConfiguration"},{"line_number":133,"context_line":"------------------------------------------------------"},{"line_number":134,"context_line":""},{"line_number":135,"context_line":"To configure ``cluster-wide`` policies PodSecurity plugin of the"},{"line_number":136,"context_line":"AdmissionConfiguration resource can be used. The AdmissionConfiguration"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9d7871a5_cd7b6790","line":133,"range":{"start_line":128,"start_character":0,"end_line":133,"end_character":54},"in_reply_to":"9f0643e2_e4b66c36","updated":"2022-06-24 18:25:11.000000000","message":"Done","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"91df58d813793d663178621b7c89eebf0865fff0","unresolved":true,"context_lines":[{"line_number":132,"context_line":"Configure PodSecurity plugin of AdmissionConfiguration"},{"line_number":133,"context_line":"------------------------------------------------------"},{"line_number":134,"context_line":""},{"line_number":135,"context_line":"To configure ``cluster-wide`` policies PodSecurity plugin of the"},{"line_number":136,"context_line":"AdmissionConfiguration resource can be used. The AdmissionConfiguration"},{"line_number":137,"context_line":"resource is configurable at bootstrap time with the ``api-server_extra_args``"},{"line_number":138,"context_line":"and ``apiserver_extra_volumes`` overrides in the ``localhost.yml`` file."}],"source_content_type":"text/x-rst","patch_set":2,"id":"c4f18de9_387a4a5b","line":135,"range":{"start_line":135,"start_character":30,"end_line":135,"end_character":39},"updated":"2022-06-24 18:05:26.000000000","message":"default policies and/or exemptions, the","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"1bf099eedf3b7c67c7ed17b47c6237561f24a91a","unresolved":false,"context_lines":[{"line_number":132,"context_line":"Configure PodSecurity plugin of AdmissionConfiguration"},{"line_number":133,"context_line":"------------------------------------------------------"},{"line_number":134,"context_line":""},{"line_number":135,"context_line":"To configure ``cluster-wide`` policies PodSecurity plugin of the"},{"line_number":136,"context_line":"AdmissionConfiguration resource can be used. The AdmissionConfiguration"},{"line_number":137,"context_line":"resource is configurable at bootstrap time with the ``api-server_extra_args``"},{"line_number":138,"context_line":"and ``apiserver_extra_volumes`` overrides in the ``localhost.yml`` file."}],"source_content_type":"text/x-rst","patch_set":2,"id":"a6f936d9_f2ae7a36","line":135,"range":{"start_line":135,"start_character":30,"end_line":135,"end_character":39},"in_reply_to":"c4f18de9_387a4a5b","updated":"2022-06-24 18:25:11.000000000","message":"Done","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"91df58d813793d663178621b7c89eebf0865fff0","unresolved":true,"context_lines":[{"line_number":137,"context_line":"resource is configurable at bootstrap time with the ``api-server_extra_args``"},{"line_number":138,"context_line":"and ``apiserver_extra_volumes`` overrides in the ``localhost.yml`` file."},{"line_number":139,"context_line":""},{"line_number":140,"context_line":".. note::"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"    Using this resource, policy definitions are applied ``cluster-wide`` by"},{"line_number":143,"context_line":"    default and any policy that is applied via namespace labels will take"},{"line_number":144,"context_line":"    precedence."},{"line_number":145,"context_line":""},{"line_number":146,"context_line":"Example of configuration added to ``localhost.yml``:"},{"line_number":147,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"450b85c5_556e4490","line":144,"range":{"start_line":140,"start_character":0,"end_line":144,"end_character":15},"updated":"2022-06-24 18:05:26.000000000","message":"REMOVE ... I moved it up","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"1bf099eedf3b7c67c7ed17b47c6237561f24a91a","unresolved":false,"context_lines":[{"line_number":137,"context_line":"resource is configurable at bootstrap time with the ``api-server_extra_args``"},{"line_number":138,"context_line":"and ``apiserver_extra_volumes`` overrides in the ``localhost.yml`` file."},{"line_number":139,"context_line":""},{"line_number":140,"context_line":".. note::"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"    Using this resource, policy definitions are applied ``cluster-wide`` by"},{"line_number":143,"context_line":"    default and any policy that is applied via namespace labels will take"},{"line_number":144,"context_line":"    precedence."},{"line_number":145,"context_line":""},{"line_number":146,"context_line":"Example of configuration added to ``localhost.yml``:"},{"line_number":147,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"fb7cffb9_02b8f0b4","line":144,"range":{"start_line":140,"start_character":0,"end_line":144,"end_character":15},"in_reply_to":"450b85c5_556e4490","updated":"2022-06-24 18:25:11.000000000","message":"Done","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"91df58d813793d663178621b7c89eebf0865fff0","unresolved":true,"context_lines":[{"line_number":175,"context_line":"\u003ckubernetes-custom-configuration-31c1fd41857d\u003e` for more details on kubernetes"},{"line_number":176,"context_line":"configuration, ``apiserver_extra_args`` and ``apiserver_extra_volumes``."},{"line_number":177,"context_line":""},{"line_number":178,"context_line":"Platform namespaces configuration"},{"line_number":179,"context_line":"---------------------------------"},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"In preparation for |PSA| controller full support, namespace labels have been"},{"line_number":182,"context_line":"added to all the namespaces used by the platform. System namespaces, such as"}],"source_content_type":"text/x-rst","patch_set":2,"id":"be933f9b_a09b0412","line":179,"range":{"start_line":178,"start_character":0,"end_line":179,"end_character":33},"updated":"2022-06-24 18:05:26.000000000","message":"change:\n\n---------------------------------\nPlatform namespaces configuration\n---------------------------------","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"1bf099eedf3b7c67c7ed17b47c6237561f24a91a","unresolved":false,"context_lines":[{"line_number":175,"context_line":"\u003ckubernetes-custom-configuration-31c1fd41857d\u003e` for more details on kubernetes"},{"line_number":176,"context_line":"configuration, ``apiserver_extra_args`` and ``apiserver_extra_volumes``."},{"line_number":177,"context_line":""},{"line_number":178,"context_line":"Platform namespaces configuration"},{"line_number":179,"context_line":"---------------------------------"},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"In preparation for |PSA| controller full support, namespace labels have been"},{"line_number":182,"context_line":"added to all the namespaces used by the platform. System namespaces, such as"}],"source_content_type":"text/x-rst","patch_set":2,"id":"64d37631_324eaa4b","line":179,"range":{"start_line":178,"start_character":0,"end_line":179,"end_character":33},"in_reply_to":"be933f9b_a09b0412","updated":"2022-06-24 18:25:11.000000000","message":"Done","commit_id":"eb9fa1a88790ee62ef4003b1236d69bdb71c2a15"},{"author":{"_account_id":31646,"name":"Carmen Rata","email":"carmen.rata@windriver.com","username":"crata"},"change_message_id":"b0f653dadea5d20be7121908897720004a5892a6","unresolved":true,"context_lines":[{"line_number":99,"context_line":".. code-block:: none"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"    apiserver_extra_args:"},{"line_number":102,"context_line":"     feature-gates: \"SCTPSupport\u003dtrue,TTLAfterFinished\u003dtrue,HugePageStorageMediumSize\u003dtrue,RemoveSelfLink\u003dfalse,MemoryManager\u003dtrue,PodSecurity\u003dtrue\""},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"See :ref:`Kubernetes Custom Configuration"},{"line_number":105,"context_line":"\u003ckubernetes-custom-configuration-31c1fd41857d\u003e` for more details on kubernetes"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3d85ce1f_13751c89","line":102,"range":{"start_line":102,"start_character":0,"end_line":102,"end_character":5},"updated":"2022-06-27 14:22:30.000000000","message":"Please remove SCTPSupport\u003dtrue, It is not supported and gives an error.","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"9d5d0140b01afeb5bc16e6913cdac4629e3786c5","unresolved":false,"context_lines":[{"line_number":99,"context_line":".. code-block:: none"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"    apiserver_extra_args:"},{"line_number":102,"context_line":"     feature-gates: \"SCTPSupport\u003dtrue,TTLAfterFinished\u003dtrue,HugePageStorageMediumSize\u003dtrue,RemoveSelfLink\u003dfalse,MemoryManager\u003dtrue,PodSecurity\u003dtrue\""},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"See :ref:`Kubernetes Custom Configuration"},{"line_number":105,"context_line":"\u003ckubernetes-custom-configuration-31c1fd41857d\u003e` for more details on kubernetes"}],"source_content_type":"text/x-rst","patch_set":3,"id":"fec4f241_b3090656","line":102,"range":{"start_line":102,"start_character":0,"end_line":102,"end_character":5},"in_reply_to":"3d85ce1f_13751c89","updated":"2022-06-27 15:10:18.000000000","message":"Done","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":31646,"name":"Carmen Rata","email":"carmen.rata@windriver.com","username":"crata"},"change_message_id":"b0f653dadea5d20be7121908897720004a5892a6","unresolved":true,"context_lines":[{"line_number":123,"context_line":"configuration set with PodSecurity plugin of the AdmissionConfiguration"},{"line_number":124,"context_line":"resource."},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"Any policy that is applied via namespace labels will take precedence."},{"line_number":127,"context_line":""},{"line_number":128,"context_line":"To configure ``cluster-wide`` default policies and/or exemptions, the"},{"line_number":129,"context_line":"PodSecurity plugin of the AdmissionConfiguration resource can be used. The"}],"source_content_type":"text/x-rst","patch_set":3,"id":"4bacc60e_afb3a2b8","line":126,"range":{"start_line":126,"start_character":0,"end_line":126,"end_character":4},"updated":"2022-06-27 14:22:30.000000000","message":"Please move line 126, after describing cluster-wide polices using “AdmissionConfiguration\", lines 128-132, because is in the context of using this resource.\nSee Note:\nUsing this resource, policy definitions are applied cluster-wide by default and any policy that is applied via namespace labels will take precedence.","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"9d5d0140b01afeb5bc16e6913cdac4629e3786c5","unresolved":false,"context_lines":[{"line_number":123,"context_line":"configuration set with PodSecurity plugin of the AdmissionConfiguration"},{"line_number":124,"context_line":"resource."},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"Any policy that is applied via namespace labels will take precedence."},{"line_number":127,"context_line":""},{"line_number":128,"context_line":"To configure ``cluster-wide`` default policies and/or exemptions, the"},{"line_number":129,"context_line":"PodSecurity plugin of the AdmissionConfiguration resource can be used. The"}],"source_content_type":"text/x-rst","patch_set":3,"id":"a6feec8b_06b76670","line":126,"range":{"start_line":126,"start_character":0,"end_line":126,"end_character":4},"in_reply_to":"4bacc60e_afb3a2b8","updated":"2022-06-27 15:10:18.000000000","message":"Done","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":31292,"name":"ayyappa","email":"ayyappa.mantri@windriver.com","username":"amantri"},"change_message_id":"2ab05303ef0b4e7e1a1e39365cd55cec03c43355","unresolved":true,"context_lines":[{"line_number":135,"context_line":""},{"line_number":136,"context_line":".. code-block:: none"},{"line_number":137,"context_line":""},{"line_number":138,"context_line":"    apiserver_extra_args:"},{"line_number":139,"context_line":"      admission-control-config-file: \"/etc/kubernetes/admission-control-config-file.yaml\""},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    apiserver_extra_volumes:"}],"source_content_type":"text/x-rst","patch_set":3,"id":"dfde22c5_b9c8aeea","line":138,"updated":"2022-06-27 12:59:58.000000000","message":"copy paste of these code snippets adds tab, which is difficult for user. Can we remove these?","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"b6b70b1ad54d50cbff9932ba1f103215c936af38","unresolved":false,"context_lines":[{"line_number":135,"context_line":""},{"line_number":136,"context_line":".. code-block:: none"},{"line_number":137,"context_line":""},{"line_number":138,"context_line":"    apiserver_extra_args:"},{"line_number":139,"context_line":"      admission-control-config-file: \"/etc/kubernetes/admission-control-config-file.yaml\""},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    apiserver_extra_volumes:"}],"source_content_type":"text/x-rst","patch_set":3,"id":"55f1dfb5_b2758f0c","line":138,"in_reply_to":"dfde22c5_b9c8aeea","updated":"2022-06-27 13:43:15.000000000","message":"Done","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":31646,"name":"Carmen Rata","email":"carmen.rata@windriver.com","username":"crata"},"change_message_id":"b0f653dadea5d20be7121908897720004a5892a6","unresolved":true,"context_lines":[{"line_number":162,"context_line":"See :ref:`Kubernetes Custom Configuration"},{"line_number":163,"context_line":"\u003ckubernetes-custom-configuration-31c1fd41857d\u003e` for more details on kubernetes"},{"line_number":164,"context_line":"configuration, ``apiserver_extra_args`` and ``apiserver_extra_volumes``."},{"line_number":165,"context_line":""},{"line_number":166,"context_line":"---------------------------------"},{"line_number":167,"context_line":"Platform namespaces configuration"},{"line_number":168,"context_line":"---------------------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"fe7dc535_b6795d7b","line":165,"updated":"2022-06-27 14:22:30.000000000","message":"You did not include the example of the generic definition of the \"AdmissionConfiguration\". Maybe a reference to it then.","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":31646,"name":"Carmen Rata","email":"carmen.rata@windriver.com","username":"crata"},"change_message_id":"1efa3226aecf3327048a9d4ff26381c5193c5d90","unresolved":true,"context_lines":[{"line_number":162,"context_line":"See :ref:`Kubernetes Custom Configuration"},{"line_number":163,"context_line":"\u003ckubernetes-custom-configuration-31c1fd41857d\u003e` for more details on kubernetes"},{"line_number":164,"context_line":"configuration, ``apiserver_extra_args`` and ``apiserver_extra_volumes``."},{"line_number":165,"context_line":""},{"line_number":166,"context_line":"---------------------------------"},{"line_number":167,"context_line":"Platform namespaces configuration"},{"line_number":168,"context_line":"---------------------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"d639c424_9c565894","line":165,"in_reply_to":"d08002ab_200ba04d","updated":"2022-06-27 22:59:08.000000000","message":"You can say: \n\nThe generic definition of the \"AdmissionConfiguration\" resource can be found at https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"d69b54c5dc3173c7bc337d821b307e55ac6de0bc","unresolved":false,"context_lines":[{"line_number":162,"context_line":"See :ref:`Kubernetes Custom Configuration"},{"line_number":163,"context_line":"\u003ckubernetes-custom-configuration-31c1fd41857d\u003e` for more details on kubernetes"},{"line_number":164,"context_line":"configuration, ``apiserver_extra_args`` and ``apiserver_extra_volumes``."},{"line_number":165,"context_line":""},{"line_number":166,"context_line":"---------------------------------"},{"line_number":167,"context_line":"Platform namespaces configuration"},{"line_number":168,"context_line":"---------------------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"725526c3_d8fc0529","line":165,"in_reply_to":"d639c424_9c565894","updated":"2022-06-28 02:17:11.000000000","message":"Done","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"9d5d0140b01afeb5bc16e6913cdac4629e3786c5","unresolved":true,"context_lines":[{"line_number":162,"context_line":"See :ref:`Kubernetes Custom Configuration"},{"line_number":163,"context_line":"\u003ckubernetes-custom-configuration-31c1fd41857d\u003e` for more details on kubernetes"},{"line_number":164,"context_line":"configuration, ``apiserver_extra_args`` and ``apiserver_extra_volumes``."},{"line_number":165,"context_line":""},{"line_number":166,"context_line":"---------------------------------"},{"line_number":167,"context_line":"Platform namespaces configuration"},{"line_number":168,"context_line":"---------------------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"d08002ab_200ba04d","line":165,"in_reply_to":"fe7dc535_b6795d7b","updated":"2022-06-27 15:10:18.000000000","message":"Greg asked to remove it, I can add it back if you think it is relevant.","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":31646,"name":"Carmen Rata","email":"carmen.rata@windriver.com","username":"crata"},"change_message_id":"b0f653dadea5d20be7121908897720004a5892a6","unresolved":true,"context_lines":[{"line_number":186,"context_line":"                  pod-security.kubernetes.io/enforce-version\u003dlatest"},{"line_number":187,"context_line":"                  pod-security.kubernetes.io/warn\u003dprivileged"},{"line_number":188,"context_line":"                  pod-security.kubernetes.io/warn-version\u003dlatest"},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"-------------------------------------------------"},{"line_number":191,"context_line":"Pod Security Admission Controller - Usage Example"},{"line_number":192,"context_line":"-------------------------------------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"60837f3b_cf016a33","line":189,"updated":"2022-06-27 14:22:30.000000000","message":"there are a few more lines to the \"kubectl describe namespace\" command:\n\nAnnotations:  \u003cnone\u003e\nStatus:       Active\n\nNo resource quota.\n\nNo LimitRange resource\n\nI think for completeness they would be needed.","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"9d5d0140b01afeb5bc16e6913cdac4629e3786c5","unresolved":false,"context_lines":[{"line_number":186,"context_line":"                  pod-security.kubernetes.io/enforce-version\u003dlatest"},{"line_number":187,"context_line":"                  pod-security.kubernetes.io/warn\u003dprivileged"},{"line_number":188,"context_line":"                  pod-security.kubernetes.io/warn-version\u003dlatest"},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"-------------------------------------------------"},{"line_number":191,"context_line":"Pod Security Admission Controller - Usage Example"},{"line_number":192,"context_line":"-------------------------------------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"d343de1c_56127697","line":189,"in_reply_to":"60837f3b_cf016a33","updated":"2022-06-27 15:10:18.000000000","message":"Done","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":31646,"name":"Carmen Rata","email":"carmen.rata@windriver.com","username":"crata"},"change_message_id":"b0f653dadea5d20be7121908897720004a5892a6","unresolved":true,"context_lines":[{"line_number":191,"context_line":"Pod Security Admission Controller - Usage Example"},{"line_number":192,"context_line":"-------------------------------------------------"},{"line_number":193,"context_line":""},{"line_number":194,"context_line":"This page walks thru a usage example os |PSA| where you will:"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"-   Create a namespace for each of the 3 security policies levels: privileged,"},{"line_number":197,"context_line":"    baseline and restricted."}],"source_content_type":"text/x-rst","patch_set":3,"id":"8dce29bf_da230e50","line":194,"updated":"2022-06-27 14:22:30.000000000","message":"There is a typo \"os\"","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"9d5d0140b01afeb5bc16e6913cdac4629e3786c5","unresolved":false,"context_lines":[{"line_number":191,"context_line":"Pod Security Admission Controller - Usage Example"},{"line_number":192,"context_line":"-------------------------------------------------"},{"line_number":193,"context_line":""},{"line_number":194,"context_line":"This page walks thru a usage example os |PSA| where you will:"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"-   Create a namespace for each of the 3 security policies levels: privileged,"},{"line_number":197,"context_line":"    baseline and restricted."}],"source_content_type":"text/x-rst","patch_set":3,"id":"b3412e15_269bb22d","line":194,"in_reply_to":"8dce29bf_da230e50","updated":"2022-06-27 15:10:18.000000000","message":"Done","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":31292,"name":"ayyappa","email":"ayyappa.mantri@windriver.com","username":"amantri"},"change_message_id":"2ab05303ef0b4e7e1a1e39365cd55cec03c43355","unresolved":true,"context_lines":[{"line_number":205,"context_line":".. code-block:: none"},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"    controller-0:~$ vi baseline-ns.yaml"},{"line_number":208,"context_line":"        apiVersion: v1"},{"line_number":209,"context_line":"        kind: Namespace"},{"line_number":210,"context_line":"        metadata:"},{"line_number":211,"context_line":"         name: baseline-ns"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3e04f24e_6b58dafc","line":208,"updated":"2022-06-27 12:59:58.000000000","message":"copy paste of these code snippets adds tabs, which is difficult for user. Can we remove these?\n\nfor example, the copy, paste of the code looks as follows\n\n        apiVersion: v1\n        kind: Pod\n        metadata:\n         name: privileged\n        spec:\n         containers:\n          - name: pause\n            image: k8s.gcr.io/pause\n            securityContext:\n             privileged: true","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"b6b70b1ad54d50cbff9932ba1f103215c936af38","unresolved":false,"context_lines":[{"line_number":205,"context_line":".. code-block:: none"},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"    controller-0:~$ vi baseline-ns.yaml"},{"line_number":208,"context_line":"        apiVersion: v1"},{"line_number":209,"context_line":"        kind: Namespace"},{"line_number":210,"context_line":"        metadata:"},{"line_number":211,"context_line":"         name: baseline-ns"}],"source_content_type":"text/x-rst","patch_set":3,"id":"b17224c1_d0dc681d","line":208,"in_reply_to":"3e04f24e_6b58dafc","updated":"2022-06-27 13:43:15.000000000","message":"Done","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":31292,"name":"ayyappa","email":"ayyappa.mantri@windriver.com","username":"amantri"},"change_message_id":"2ab05303ef0b4e7e1a1e39365cd55cec03c43355","unresolved":true,"context_lines":[{"line_number":220,"context_line":"    controller-0:~$ kubectl apply -f baseline-ns.yaml"},{"line_number":221,"context_line":""},{"line_number":222,"context_line":"    controller-0:~$ vi privileged-ns.yaml"},{"line_number":223,"context_line":"        apiVersion: v1"},{"line_number":224,"context_line":"        kind: Namespace"},{"line_number":225,"context_line":"        metadata:"},{"line_number":226,"context_line":"         name: privileged-ns"}],"source_content_type":"text/x-rst","patch_set":3,"id":"da6891dc_0bade2bb","line":223,"updated":"2022-06-27 12:59:58.000000000","message":"same here","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"b6b70b1ad54d50cbff9932ba1f103215c936af38","unresolved":false,"context_lines":[{"line_number":220,"context_line":"    controller-0:~$ kubectl apply -f baseline-ns.yaml"},{"line_number":221,"context_line":""},{"line_number":222,"context_line":"    controller-0:~$ vi privileged-ns.yaml"},{"line_number":223,"context_line":"        apiVersion: v1"},{"line_number":224,"context_line":"        kind: Namespace"},{"line_number":225,"context_line":"        metadata:"},{"line_number":226,"context_line":"         name: privileged-ns"}],"source_content_type":"text/x-rst","patch_set":3,"id":"2c99f810_0ca8fa57","line":223,"in_reply_to":"da6891dc_0bade2bb","updated":"2022-06-27 13:43:15.000000000","message":"Done","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":31292,"name":"ayyappa","email":"ayyappa.mantri@windriver.com","username":"amantri"},"change_message_id":"2ab05303ef0b4e7e1a1e39365cd55cec03c43355","unresolved":true,"context_lines":[{"line_number":250,"context_line":"    controller-0:~$ kubectl apply -f restricted-ns.yaml"},{"line_number":251,"context_line":""},{"line_number":252,"context_line":"    controller-0:~$ vi privileged-pod.yaml"},{"line_number":253,"context_line":"        apiVersion: v1"},{"line_number":254,"context_line":"        kind: Pod"},{"line_number":255,"context_line":"        metadata:"},{"line_number":256,"context_line":"         name: privileged"}],"source_content_type":"text/x-rst","patch_set":3,"id":"2a3cee87_8a4248ab","line":253,"updated":"2022-06-27 12:59:58.000000000","message":"same here","commit_id":"910c764436a340599f00107730b64a46db1bccf9"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"b6b70b1ad54d50cbff9932ba1f103215c936af38","unresolved":false,"context_lines":[{"line_number":250,"context_line":"    controller-0:~$ kubectl apply -f restricted-ns.yaml"},{"line_number":251,"context_line":""},{"line_number":252,"context_line":"    controller-0:~$ vi privileged-pod.yaml"},{"line_number":253,"context_line":"        apiVersion: v1"},{"line_number":254,"context_line":"        kind: Pod"},{"line_number":255,"context_line":"        metadata:"},{"line_number":256,"context_line":"         name: privileged"}],"source_content_type":"text/x-rst","patch_set":3,"id":"10a1fc55_10382b19","line":253,"in_reply_to":"2a3cee87_8a4248ab","updated":"2022-06-27 13:43:15.000000000","message":"Done","commit_id":"910c764436a340599f00107730b64a46db1bccf9"}],"doc/source/security/kubernetes/pod-security-policies.rst":[{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":50,"context_line":" \tto based on other [Cluster]RoleBindings."},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"PodSecurityPolicy (PSP) is deprecated as of Kubernetes v1.21 and will be"},{"line_number":53,"context_line":"removed in v1.25. PSP will continue to be fully functional for several more"},{"line_number":54,"context_line":"releases."},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"Since first introduced PSP has shown some serious usability problems."},{"line_number":57,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"68fb4274_80f4b471","line":54,"range":{"start_line":53,"start_character":59,"end_line":54,"end_character":8},"updated":"2022-06-24 12:44:34.000000000","message":"until being removed in v1.25","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"fcf536b55ac2ce49429d9e1eee8b0cbce1957f70","unresolved":false,"context_lines":[{"line_number":50,"context_line":" \tto based on other [Cluster]RoleBindings."},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"PodSecurityPolicy (PSP) is deprecated as of Kubernetes v1.21 and will be"},{"line_number":53,"context_line":"removed in v1.25. PSP will continue to be fully functional for several more"},{"line_number":54,"context_line":"releases."},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"Since first introduced PSP has shown some serious usability problems."},{"line_number":57,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"0f70f223_83929e18","line":54,"range":{"start_line":53,"start_character":59,"end_line":54,"end_character":8},"in_reply_to":"68fb4274_80f4b471","updated":"2022-06-24 17:04:22.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"1ac3311a7045880a67af69bbd9b16bfffbe88fdf","unresolved":true,"context_lines":[{"line_number":60,"context_line":"and difficult to inspect which PSPs apply in a certain situation."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"As a beta feature, Kubernetes offers a built-in Pod Security Admission (PSA)"},{"line_number":63,"context_line":"controller, the successor to PSP."}],"source_content_type":"text/x-rst","patch_set":1,"id":"6ce11f62_212d6665","line":63,"range":{"start_line":63,"start_character":32,"end_line":63,"end_character":33},"updated":"2022-06-24 12:44:34.000000000","message":"shouldn\u0027t we reference the PSA section ?","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"92f2d01c681286646cf7da114aaf5017d900236d","unresolved":false,"context_lines":[{"line_number":60,"context_line":"and difficult to inspect which PSPs apply in a certain situation."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"As a beta feature, Kubernetes offers a built-in Pod Security Admission (PSA)"},{"line_number":63,"context_line":"controller, the successor to PSP."}],"source_content_type":"text/x-rst","patch_set":1,"id":"c36b622b_3e0fb3f0","line":63,"range":{"start_line":63,"start_character":32,"end_line":63,"end_character":33},"in_reply_to":"6ce11f62_212d6665","updated":"2022-06-24 17:04:42.000000000","message":"Done","commit_id":"5b78298cf1e0f260975e6cd24e8c5875939c9ec3"}]}