public/rancher-docs
1
0
Fork 0
mirror of https://github.com/rancher/rancher-docs.git synced 2026-05-05 12:43:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
eef73d106dbb9490f9e1a14fc6eec3d8a39c48e3
rancher-docs/versioned_docs/version-2.13/reference-guides/rancher-security/psa-restricted-exemptions.md
T
Sunil Singh dd90555a64 Removing ingress-nginx due to deprecation and replacing with traefik. 
Signed-off-by: Sunil Singh <sunil.singh@suse.com>
2026-03-12 11:12:28 -07:00

75 lines
2.1 KiB
Markdown
Raw Blame History

---
title: Sample PodSecurityConfiguration
---
<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/reference-guides/rancher-security/psa-restricted-exemptions"/>
</head>
The following PodSecurityConfiguration contains the required Rancher namespace exemptions for a `rancher-restricted` cluster to run properly.
```yaml
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1
kind: PodSecurityConfiguration
defaults:
enforce: "restricted"
enforce-version: "latest"
audit: "restricted"
audit-version: "latest"
warn: "restricted"
warn-version: "latest"
exemptions:
namespaces:
- calico-apiserver
- calico-system
- cattle-alerting
- cattle-capi-system
- cattle-csp-adapter-system
- cattle-elemental-system
- cattle-epinio-system
- cattle-externalip-system
- cattle-fleet-local-system
- cattle-fleet-system
- cattle-gatekeeper-system
- cattle-global-data
- cattle-global-nt
- cattle-impersonation-system
- cattle-istio
- cattle-istio-system
- cattle-logging
- cattle-logging-system
- cattle-monitoring-system
- cattle-neuvector-system
- cattle-prometheus
- cattle-provisioning-capi-system
- cattle-resources-system
- cattle-sriov-system
- cattle-system
- cattle-turtles-system
- cattle-ui-plugin-system
- cattle-windows-gmsa-system
- cert-manager
- cis-operator-system
- compliance-operator-system
- fleet-default
- fleet-local
- istio-system
- kube-node-lease
- kube-public
- kube-system
- longhorn-system
- rancher-alerting-drivers
- rancher-compliance-system
- security-scan
- sr-operator-system
- tigera-operator
- traefik
runtimeClasses: []
usernames: []
```
Reference in New Issue View Git Blame Copy Permalink