scottk/terraform-talos
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/terraform-talos.git synced 2025-11-02 03:08:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

PodSecurity fixes

Browse Source
This commit is contained in:
Serge Logvinov
2022-07-13 16:09:15 +03:00
parent bf709933a3
commit 225394da8b
2 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hetzner/deployments/hcloud-cloud-controller-manager.yaml
View File

@@ -34,8 +34,6 @@ spec:
metadata: metadata:
labels: labels:
app: hcloud-cloud-controller-manager app: hcloud-cloud-controller-manager
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
serviceAccountName: cloud-controller-manager serviceAccountName: cloud-controller-manager
dnsPolicy: Default dnsPolicy: Default

19
hetzner/templates/controlplane.yaml.tpl
View File

@@ -94,6 +94,25 @@ cluster:
- "${ipv4_local}" - "${ipv4_local}"
- "${ipv4_vip}" - "${ipv4_vip}"
- "${apiDomain}" - "${apiDomain}"
admissionControl:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
defaults:
audit: restricted
audit-version: latest
enforce: baseline
enforce-version: latest
warn: restricted
warn-version: latest
exemptions:
namespaces:
- kube-system
- ingress-nginx
- local-path-provisioner
runtimeClasses: []
usernames: []
kind: PodSecurityConfiguration
controllerManager: controllerManager:
extraArgs: extraArgs:
node-cidr-mask-size-ipv4: 24 node-cidr-mask-size-ipv4: 24