Securing k3s deployment

2024-09-01 14:36:15 +02:00 · 2024-09-01 14:36:15 +02:00 · 5717cca04d
commit 5717cca04d
parent 3fd4c7dee0
7 changed files with 153 additions and 6 deletions
--- a/files/etc/kubernetes/psa.yaml
+++ b/files/etc/kubernetes/psa.yaml
@ -0,0 +1,18 @@
+apiVersion: apiserver.config.k8s.io/v1
+kind: AdmissionConfiguration
+plugins:
+- name: PodSecurity
+  configuration:
+    apiVersion: pod-security.admission.config.k8s.io/v1beta1
+    kind: PodSecurityConfiguration
+    defaults:
+      enforce: "restricted"
+      enforce-version: "latest"
+      audit: "restricted"
+      audit-version: "latest"
+      warn: "restricted"
+      warn-version: "latest"
+    exemptions:
+      usernames: []
+      runtimeClasses: []
+      namespaces: [kube-system, cis-operator-system]