richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5565 Commits
33 Branches
82 Tags
153 MiB
Tree: b2995e4ec4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b2995e4ec4'
${ noResults }
kubespray/roles/kubernetes-apps/cluster_roles/templates/psp.yml.j2

27 lines
947 B
Raw Normal View History

psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true
6 years ago
Replace seccomp profile docker/default with runtime/default (#6170) Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
4 years ago
psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true
6 years ago
Customize PodSecurityPolicies from inventory (#5920) * Customize PodSecurityPolicies from inventory * Fixed yaml indentation
4 years ago
psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true
6 years ago
Customize PodSecurityPolicies from inventory (#5920) * Customize PodSecurityPolicies from inventory * Fixed yaml indentation
4 years ago
  1. ---
  2. apiVersion: policy/v1beta1
  3. kind: PodSecurityPolicy
  4. metadata:
  5. name: restricted
  6. annotations:
  7. seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
  8. seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
  9. {% if apparmor_enabled %}
  10. apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
  11. apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
  12. {% endif %}
  13. labels:
  14. addonmanager.kubernetes.io/mode: Reconcile
  15. spec:
  16. {{ podsecuritypolicy_restricted_spec | to_yaml(indent=2, width=1337) | indent(width=2) }}
  17. ---
  18. apiVersion: policy/v1beta1
  19. kind: PodSecurityPolicy
  20. metadata:
  21. name: privileged
  22. annotations:
  23. seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
  24. labels:
  25. addonmanager.kubernetes.io/mode: Reconcile
  26. spec:
  27. {{ podsecuritypolicy_privileged_spec | to_yaml(indent=2, width=1337) | indent(width=2) }}