diff --git a/experimental/security/PSS/dynamic/baseline/kustomization.yaml b/apps/profiles/pss/kustomization.yaml similarity index 79% rename from experimental/security/PSS/dynamic/baseline/kustomization.yaml rename to apps/profiles/pss/kustomization.yaml index c4833c05e1..fa99b3dff5 100644 --- a/experimental/security/PSS/dynamic/baseline/kustomization.yaml +++ b/apps/profiles/pss/kustomization.yaml @@ -3,7 +3,7 @@ kind: Kustomization namespace: kubeflow resources: -- ../../../../../apps/profiles/upstream/overlays/kubeflow +- ../upstream/overlays/kubeflow configMapGenerator: - name: namespace-labels-data diff --git a/experimental/security/PSS/dynamic/baseline/namespace-labels.yaml b/apps/profiles/pss/namespace-labels.yaml similarity index 100% rename from experimental/security/PSS/dynamic/baseline/namespace-labels.yaml rename to apps/profiles/pss/namespace-labels.yaml diff --git a/example/kustomization.yaml b/example/kustomization.yaml index 54cb199751..ee45dc46ea 100644 --- a/example/kustomization.yaml +++ b/example/kustomization.yaml @@ -78,8 +78,8 @@ resources: - ../apps/jupyter/jupyter-web-app/upstream/overlays/istio # Notebook Controller - ../apps/jupyter/notebook-controller/upstream/overlays/kubeflow -# Profiles + KFAM -- ../apps/profiles/upstream/overlays/kubeflow +# Profiles + KFAM with PSS (Pod Security Standards) +- ../apps/profiles/pss # PVC Viewer - ../apps/pvcviewer-controller/upstream/base # Volumes Web App diff --git a/tests/multi_tenancy_install.sh b/tests/multi_tenancy_install.sh index 75ec801ba9..8011dd6ddc 100755 --- a/tests/multi_tenancy_install.sh +++ b/tests/multi_tenancy_install.sh @@ -1,9 +1,8 @@ #!/bin/bash set -euo pipefail -echo "Installing Profiles Controller" -kustomize build apps/profiles/upstream/overlays/kubeflow | kubectl apply -f - -kustomize build experimental/security/PSS/dynamic/baseline | kubectl apply -f - +echo "Installing Profiles Controller with PSS (Pod Security Standards)" +kustomize build apps/profiles/pss | kubectl apply -f - kubectl -n kubeflow wait --for=condition=Ready pods -l kustomize.component=profiles --timeout 180s echo "Installing Multitenancy Kubeflow Roles"