rptaylor
4 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with
7 additions and
2 deletions
-
roles/kubernetes-apps/cluster_roles/defaults/main.yml
|
|
@ -19,6 +19,11 @@ podsecuritypolicy_restricted_spec: |
|
|
rule: 'MustRunAsNonRoot' |
|
|
rule: 'MustRunAsNonRoot' |
|
|
seLinux: |
|
|
seLinux: |
|
|
rule: 'RunAsAny' |
|
|
rule: 'RunAsAny' |
|
|
|
|
|
runAsGroup: |
|
|
|
|
|
rule: 'MustRunAs' |
|
|
|
|
|
ranges: |
|
|
|
|
|
- min: 1 |
|
|
|
|
|
max: 65535 |
|
|
supplementalGroups: |
|
|
supplementalGroups: |
|
|
rule: 'MustRunAs' |
|
|
rule: 'MustRunAs' |
|
|
ranges: |
|
|
ranges: |
|
|
@ -30,8 +35,6 @@ podsecuritypolicy_restricted_spec: |
|
|
- min: 1 |
|
|
- min: 1 |
|
|
max: 65535 |
|
|
max: 65535 |
|
|
readOnlyRootFilesystem: false |
|
|
readOnlyRootFilesystem: false |
|
|
forbiddenSysctls: |
|
|
|
|
|
- '*' |
|
|
|
|
|
|
|
|
|
|
|
podsecuritypolicy_privileged_spec: |
|
|
podsecuritypolicy_privileged_spec: |
|
|
privileged: true |
|
|
privileged: true |
|
|
@ -50,6 +53,8 @@ podsecuritypolicy_privileged_spec: |
|
|
rule: 'RunAsAny' |
|
|
rule: 'RunAsAny' |
|
|
seLinux: |
|
|
seLinux: |
|
|
rule: 'RunAsAny' |
|
|
rule: 'RunAsAny' |
|
|
|
|
|
runAsGroup: |
|
|
|
|
|
rule: 'RunAsAny' |
|
|
supplementalGroups: |
|
|
supplementalGroups: |
|
|
rule: 'RunAsAny' |
|
|
rule: 'RunAsAny' |
|
|
fsGroup: |
|
|
fsGroup: |
|
|
|
