From e047229a8b2f9cfc68e4210be656f12d71a058c8 Mon Sep 17 00:00:00 2001 From: Adrien Reslinger Date: Sat, 28 Sep 2024 18:52:40 +0200 Subject: [PATCH 1/2] Fix NetworkPolicies --- .../server/manifests/np-01-default-network-dns-policy.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/var/lib/rancher/k3s/server/manifests/np-01-default-network-dns-policy.yaml.j2 b/templates/var/lib/rancher/k3s/server/manifests/np-01-default-network-dns-policy.yaml.j2 index e0c00b8..9357b4f 100644 --- a/templates/var/lib/rancher/k3s/server/manifests/np-01-default-network-dns-policy.yaml.j2 +++ b/templates/var/lib/rancher/k3s/server/manifests/np-01-default-network-dns-policy.yaml.j2 @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: default-network-dns-policy - namespace: + namespace: kube-system spec: ingress: - ports: From 7e78625cffc7d8d245f202436a2ddcd56d5b346c Mon Sep 17 00:00:00 2001 From: Adrien Reslinger Date: Sat, 28 Sep 2024 18:53:03 +0200 Subject: [PATCH 2/2] Add EventRateLimit admission configuration --- files/etc/kubernetes/psa.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/files/etc/kubernetes/psa.yaml b/files/etc/kubernetes/psa.yaml index 9072c55..fe13d52 100644 --- a/files/etc/kubernetes/psa.yaml +++ b/files/etc/kubernetes/psa.yaml @@ -16,3 +16,12 @@ plugins: usernames: [] runtimeClasses: [] namespaces: [kube-system, cis-operator-system] +- name: EventRateLimit + configuration: + apiVersion: eventratelimit.admission.k8s.io/v1alpha1 + kind: Configuration + limits: + - burst: 20000 + qps: 5000 + type: Server + path: ""