github.com/rancher/elemental/tests@v0.0.0-20240517125144-ae048c615b3f/assets/hardened_cluster/psa.yaml

github.com/rancher/elemental/tests@v0.0.0-20240517125144-ae048c615b3f/assets/hardened_cluster/psa.yaml (about)

     1  # The following configuration comes from 
     2  # https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrade-a-hardened-cluster-to-k8s-v1-25
     3  apiVersion: apiserver.config.k8s.io/v1
     4  kind: AdmissionConfiguration
     5  plugins:
     6  - name: PodSecurity
     7    configuration:
     8      apiVersion: pod-security.admission.config.k8s.io/v1beta1
     9      kind: PodSecurityConfiguration
    10      defaults:
    11        enforce: "restricted"
    12        enforce-version: "latest"
    13        audit: "restricted"
    14        audit-version: "latest"
    15        warn: "restricted"
    16        warn-version: "latest"
    17      exemptions:
    18        usernames: []
    19        runtimeClasses: []
    20        namespaces:
    21        - ingress-nginx
    22        - kube-system
    23        - fleet-default
    24        - cattle-system
    25        - cattle-epinio-system
    26        - cattle-fleet-system
    27        - cattle-elemental-system
    28        - longhorn-system
    29        - cattle-neuvector-system
    30        - cattle-monitoring-system
    31        - cattle-resources-system
    32        - rancher-alerting-drivers
    33        - cis-operator-system
    34        - cattle-csp-adapter-system
    35        - cattle-externalip-system
    36        - cattle-gatekeeper-system
    37        - istio-system
    38        - cattle-istio-system
    39        - cattle-logging-system
    40        - cattle-windows-gmsa-system
    41        - cattle-sriov-system
    42        - cattle-ui-plugin-system
    43        - tigera-operator