public/rancher-docs
1
0
Fork 0
mirror of https://github.com/rancher/rancher-docs.git synced 2026-05-02 03:03:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updating ns exemption list in sample configurations.

Browse Source 
Signed-off-by: Sunil Singh <sunil.singh@suse.com>
This commit is contained in:
Sunil Singh
2026-03-06 14:21:52 -08:00
parent 2dcfa6f6b8
commit b531d54872
18 changed files with 555 additions and 366 deletions
Download Patch File Download Diff File Expand all files Collapse all files
versioned_docs/version-2.14/reference-guides/rancher-security/psa-restricted-exemptions.md
+49 -48
View File
@@ -14,56 +14,57 @@ kind: AdmissionConfiguration
plugins:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1
apiVersion: pod-security.admission.config.k8s.io/v1beta1
kind: PodSecurityConfiguration
defaults:
enforce: "restricted"
enforce-version: "latest"
audit: "restricted"
audit-version: "latest"
warn: "restricted"
warn-version: "latest"
enforce: restricted
enforce-version: latest
exemptions:
usernames: []
namespaces:
- calico-apiserver
- calico-system
- cattle-alerting
- cattle-capi-system
- cattle-csp-adapter-system
- cattle-elemental-system
- cattle-epinio-system
- cattle-externalip-system
- cattle-fleet-local-system
- cattle-fleet-system
- cattle-gatekeeper-system
- cattle-global-data
- cattle-global-nt
- cattle-impersonation-system
- cattle-istio
- cattle-istio-system
- cattle-logging
- cattle-logging-system
- cattle-monitoring-system
- cattle-neuvector-system
- cattle-prometheus
- cattle-provisioning-capi-system
- cattle-resources-system
- cattle-sriov-system
- cattle-system
- cattle-turtles-system
- cattle-ui-plugin-system
- cattle-windows-gmsa-system
- cert-manager
- cis-operator-system
- compliance-operator-system
- fleet-default
- fleet-local
- ingress-nginx
- istio-system
- kube-node-lease
- kube-public
- kube-system
- longhorn-system
- rancher-alerting-drivers
- rancher-compliance-system
- security-scan
- sr-operator-system
- tigera-operator
runtimeClasses: []
namespaces: [calico-apiserver,
calico-system,
cattle-alerting,
cattle-csp-adapter-system,
cattle-elemental-system,
cattle-epinio-system,
cattle-externalip-system,
cattle-fleet-local-system,
cattle-fleet-system,
cattle-gatekeeper-system,
cattle-global-data,
cattle-global-nt,
cattle-impersonation-system,
cattle-istio,
cattle-istio-system,
cattle-logging,
cattle-logging-system,
cattle-monitoring-system,
cattle-neuvector-system,
cattle-prometheus,
cattle-provisioning-capi-system,
cattle-resources-system,
cattle-sriov-system,
cattle-system,
cattle-ui-plugin-system,
cattle-windows-gmsa-system,
cert-manager,
cis-operator-system,
fleet-default,
fleet-local,
ingress-nginx,
istio-system,
kube-node-lease,
kube-public,
kube-system,
longhorn-system,
rancher-alerting-drivers,
security-scan,
sr-operator-system,
tigera-operator]
usernames: []
```