
Automatically patches resources on admission to meet PSA restricted requirements

APACHE-2.0 License



NPM Scripts

The following scripts are available:

  • lint - lints the source code using eslint
  • lint:fix - automatically fixes any lint errors that can be fixed automatically
  • test - uses jest to run the test suites
  • test:e2e - runs the e2e test suite; this requires an active helm:deploy
  • build - compiles the typescript into js and places it in the dist folder
  • build:image - builds the container image
  • build:docs - builds the api docs
  • minikube:start - creates a minikube k8s cluster
  • minikube:stop - stops minikube but does not delete it
  • minikube:delete - deletes the minikube cluster
  • helm:addRepos - adds the helm repos
  • helm:deployCertManager - deploys cert-manager for TLS
  • helm:deploy - deploys the app to k8s using helm
  • helm:template - prints the k8s yaml that would be applied to k8s when using helm:deploy
  • helm:uninstall - removes the app from k8s
  • helm:uninstallCertManager - removes cert-manager from the k8s cluster

Deploy it

If you don't already have cert-manager installed, you will need to run:

helm repo add jetstack https://charts.jetstack.io && helm repo update && \
  helm upgrade --install --namespace cert-manager --create-namespace \
  cert-manager jetstack/cert-manager --set installCRDs=true --debug --wait

Add the helm repo with helm repo add psa, then fetch updates with helm repo update.

Verify it worked with helm search repo psa; you should see something like:

NAME                                                    CHART VERSION   APP VERSION     DESCRIPTION
psa/psa-restricted-patcher...      0.1.0           0.1.0          ...

Deploy the app: helm upgrade --install starter psa/psa-restricted-patcher

Verify it worked: kubectl run testpod --image=busybox. The pod will be changed on admission; fetch its yaml with kubectl get pod testpod -o yaml and you will see its securityContexts have been enhanced.
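To go beyond eyeballing the yaml, the following added example (not code from this project) checks a pod manifest, such as the output of kubectl get pod testpod -o json, against the securityContext rules of the Pod Security Standards restricted profile. The type and function names are hypothetical, the two sample pods are constructed, and the volume and host-namespace rules of the profile are not covered.

```typescript
// Added example, not the patcher's code: securityContext rules of PSA "restricted" only.
interface SecCtx {
  allowPrivilegeEscalation?: boolean;
  runAsNonRoot?: boolean;
  runAsUser?: number;
  capabilities?: { add?: string[]; drop?: string[] };
  seccompProfile?: { type?: string };
}
interface Ctr { name: string; securityContext?: SecCtx }
interface Pod {
  spec: { securityContext?: SecCtx; containers: Ctr[]; initContainers?: Ctr[]; ephemeralContainers?: Ctr[] };
}

function restrictedViolations(pod: Pod): string[] {
  const out: string[] = [];
  const podSc: SecCtx = pod.spec.securityContext ?? {};
  const all = (pod.spec.initContainers ?? [])
    .concat(pod.spec.containers, pod.spec.ephemeralContainers ?? []);
  if (podSc.runAsUser === 0) out.push("pod: runAsUser must not be 0");
  for (const c of all) {
    const sc: SecCtx = c.securityContext ?? {};
    if (sc.allowPrivilegeEscalation !== false)
      out.push(`${c.name}: allowPrivilegeEscalation must be false`);
    if ((sc.capabilities?.drop ?? []).indexOf("ALL") === -1)
      out.push(`${c.name}: capabilities.drop must include ALL`);
    if ((sc.capabilities?.add ?? []).some((cap) => cap !== "NET_BIND_SERVICE"))
      out.push(`${c.name}: only NET_BIND_SERVICE may be added`);
    // A container-level value overrides the pod-level one; fall back only when unset.
    if ((sc.runAsNonRoot ?? podSc.runAsNonRoot) !== true)
      out.push(`${c.name}: runAsNonRoot must be true`);
    if (sc.runAsUser === 0) out.push(`${c.name}: runAsUser must not be 0`);
    const seccomp = sc.seccompProfile?.type ?? podSc.seccompProfile?.type ?? "";
    if (["RuntimeDefault", "Localhost"].indexOf(seccomp) === -1)
      out.push(`${c.name}: seccompProfile.type must be RuntimeDefault or Localhost`);
  }
  return out;
}

// Constructed samples: a bare busybox pod, and the same pod with restricted settings.
const unpatched: Pod = { spec: { containers: [{ name: "testpod" }] } };
const patched: Pod = { spec: {
  securityContext: { runAsNonRoot: true, seccompProfile: { type: "RuntimeDefault" } },
  containers: [{ name: "testpod",
    securityContext: { allowPrivilegeEscalation: false, capabilities: { drop: ["ALL"] } } }],
} };
console.log(restrictedViolations(unpatched), restrictedViolations(patched));
```

An empty result for the pod fetched from the cluster means these fields meet the restricted profile; each returned string names the container and the rule it fails.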

