[podSecurityConfiguration]: fix apiVersion and change default policy versions (#10210)
Signed-off-by: Ugur <ugurozturk918@gmail.com>
pull/10216/head
Ugur Can Ozturk
1 year ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with
4 additions and
4 deletions
-
roles/kubernetes/control-plane/defaults/main/main.yml
-
roles/kubernetes/control-plane/templates/podsecurity.yaml.j2
|
|
@ -106,11 +106,11 @@ kube_apiserver_admission_event_rate_limits: {} |
|
|
|
|
|
|
|
kube_pod_security_use_default: false |
|
|
|
kube_pod_security_default_enforce: baseline |
|
|
|
kube_pod_security_default_enforce_version: latest |
|
|
|
kube_pod_security_default_enforce_version: "{{ kube_major_version }}" |
|
|
|
kube_pod_security_default_audit: restricted |
|
|
|
kube_pod_security_default_audit_version: latest |
|
|
|
kube_pod_security_default_audit_version: "{{ kube_major_version }}" |
|
|
|
kube_pod_security_default_warn: restricted |
|
|
|
kube_pod_security_default_warn_version: latest |
|
|
|
kube_pod_security_default_warn_version: "{{ kube_major_version }}" |
|
|
|
kube_pod_security_exemptions_usernames: [] |
|
|
|
kube_pod_security_exemptions_runtime_class_names: [] |
|
|
|
kube_pod_security_exemptions_namespaces: |
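Review bot: The three `*_version` defaults that read `"{{ kube_major_version }}"` (taken as the new side per the commit title, since the page lost its +/- markers) have no comment stating the value format. Pod Security admission accepts only `latest` or a `v<major>.<minor>` string for these fields. `kube_major_version` is defined outside this page, so it presumably renders in that form, but a full patch version or an unprefixed number would make the rendered admission configuration invalid. I would add above the block `# Pod Security Standards version: "latest" or "v<major>.<minor>"; defaults to the cluster's own minor version`. That also tells operators who override these with a fixed older version that the policy checks stay frozen at that version across upgrades.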
|
|
|
|
|
@ -1,5 +1,5 @@ |
|
|
|
{% if kube_pod_security_use_default %} |
|
|
|
apiVersion: pod-security.admission.config.k8s.io/v1beta1 |
|
|
|
apiVersion: pod-security.admission.config.k8s.io/v1 |
|
|
|
kind: PodSecurityConfiguration |
|
|
|
defaults: |
|
|
|
enforce: "{{ kube_pod_security_default_enforce }}" |
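Review bot: The `apiVersion` line hard-codes `pod-security.admission.config.k8s.io/v1`, which kube-apiserver accepts only from Kubernetes v1.25 onward; v1.23 and v1.24 need `v1beta1`. Whether this role still deploys clusters below v1.25 at this commit is not visible here, but if it does, the admission configuration file would be rejected on those versions. Either gate the value on the cluster version variable (`kube_version`, defined elsewhere), e.g. `apiVersion: pod-security.admission.config.k8s.io/{{ 'v1' if kube_version is version('v1.25.0', '>=') else 'v1beta1' }}`, or state the minimum in a template comment such as `{# pod-security.admission.config.k8s.io/v1 requires Kubernetes >= v1.25 #}`. The `{% if kube_pod_security_use_default %}` block continues past the end of this hunk.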
|
|
|