add vpn insecure namespace
Change-Id: I8a774ae625342af3521ad0ab11a8f6d4e4ef6c97
diff --git a/cluster/kube/cluster.jsonnet b/cluster/kube/cluster.jsonnet
index 49e1c5a..9a2abdb 100644
--- a/cluster/kube/cluster.jsonnet
+++ b/cluster/kube/cluster.jsonnet
@@ -145,6 +145,8 @@
policies.AllowNamespaceInsecure("matrix"),
policies.AllowNamespaceInsecure("registry"),
policies.AllowNamespaceInsecure("internet"),
+ # TODO(implr): restricted policy with CAP_NET_ADMIN and tuntap, but no full root
+ policies.AllowNamespaceInsecure("implr-vpn"),
],
// Allow all service accounts (thus all controllers) to create secure pods.