Kubernetes custom configuration rework
Removed trailing white spaces.
Added comments from Patchset 2.
Updated example output to fix indentation.
Updated kubernetes-custom-configuration-31c1fd41857d.rst

Signed-off-by: Oliver Loten <Oliver.Loten@windriver.com>
Change-Id: Idbc0f9a03fbcc67f075367cdfba18a3053228a95
parent
65a9de5869
commit
e965208807
3
doc/source/.vscode/settings.json
vendored
Normal file
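--- a/doc/source/.vscode/settings.json
+++ b/doc/source/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+"esbonio.sphinx.confDir": ""
+}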
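Review bot: `doc/source/.vscode/settings.json` looks like a local editor settings file rather than part of the documentation rework, and the commit message, which only describes the .rst changes, does not mention it. Its single key, `"esbonio.sphinx.confDir": ""`, is presumably an editor-extension setting for Sphinx, and with an empty value it carries no project configuration. I would drop the file from this change and, if it keeps reappearing, ignore the `.vscode/` directory in the repository so that per-developer editor state does not end up in the docs tree.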
@ -137,7 +137,7 @@ configuration file. The contents of these files are configured in the
|
|||||||
bootstrap overrides (localhost.yml) with the apiserver_extra_volumes,
|
bootstrap overrides (localhost.yml) with the apiserver_extra_volumes,
|
||||||
controllermanager_extra_volumes and scheduler_extra_volumes definitions.
|
controllermanager_extra_volumes and scheduler_extra_volumes definitions.
|
||||||
|
|
||||||
For instance, if admission plugins are configured and need additinal
|
For instance, if admission plugins are configured and need additional
|
||||||
configuration, that configuration should be set in a specific file referenced
|
configuration, that configuration should be set in a specific file referenced
|
||||||
by the **admission-control-config-file** parameter.
|
by the **admission-control-config-file** parameter.
|
||||||
|
|
||||||
@ -158,47 +158,47 @@ Example usage:
|
|||||||
mountPath: "/etc/kubernetes/admission-control-config-file.yaml"
|
mountPath: "/etc/kubernetes/admission-control-config-file.yaml"
|
||||||
readOnly: true
|
readOnly: true
|
||||||
pathType: "File"
|
pathType: "File"
|
||||||
content: |
|
|
||||||
apiVersion: apiserver.config.k8s.io/v1
|
|
||||||
kind: AdmissionConfiguration
|
|
||||||
plugins:
|
|
||||||
- name: PodSecurity
|
|
||||||
configuration:
|
|
||||||
apiVersion: pod-security.admission.config.k8s.io/v1beta1
|
|
||||||
kind: PodSecurityConfiguration
|
|
||||||
# Defaults applied when a mode label is not set.
|
|
||||||
#
|
|
||||||
# Level label values must be one of:
|
|
||||||
# - "privileged" (default)
|
|
||||||
# - "baseline"
|
|
||||||
# - "restricted"
|
|
||||||
#
|
|
||||||
# Version label values must be one of:
|
|
||||||
# - "latest" (default)
|
|
||||||
# - specific version like "v1.24"
|
|
||||||
defaults:
|
|
||||||
enforce: "privileged"
|
|
||||||
enforce-version: "latest"
|
|
||||||
audit: "privileged"
|
|
||||||
audit-version: "latest"
|
|
||||||
warn: "privileged"
|
|
||||||
warn-version: "latest"
|
|
||||||
exemptions:
|
|
||||||
# Array of authenticated usernames to exempt.
|
|
||||||
usernames: []
|
|
||||||
# Array of runtime class names to exempt.
|
|
||||||
runtimeClasses: []
|
|
||||||
# Array of namespaces to exempt.
|
|
||||||
namespaces: []
|
|
||||||
- name: pod-node-selector
|
|
||||||
mountPath: "/etc/kubernetes/pod-node-selector.yaml"
|
|
||||||
readOnly: true
|
|
||||||
pathType: "File"
|
|
||||||
content: |
|
content: |
|
||||||
podNodeSelectorPluginConfig:
|
apiVersion: apiserver.config.k8s.io/v1
|
||||||
clusterDefaultNodeSelector: name-of-node-selector
|
kind: AdmissionConfiguration
|
||||||
namespace1: name-of-node-selector
|
plugins:
|
||||||
namespace2: name-of-node-selector
|
- name: PodSecurity
|
||||||
|
configuration:
|
||||||
|
apiVersion: pod-security.admission.config.k8s.io/v1beta1
|
||||||
|
kind: PodSecurityConfiguration
|
||||||
|
# Defaults applied when a mode label is not set.
|
||||||
|
#
|
||||||
|
# Level label values must be one of:
|
||||||
|
# - "privileged" (default)
|
||||||
|
# - "baseline"
|
||||||
|
# - "restricted"
|
||||||
|
#
|
||||||
|
# Version label values must be one of:
|
||||||
|
# - "latest" (default)
|
||||||
|
# - specific version like "v1.24"
|
||||||
|
defaults:
|
||||||
|
enforce: "privileged"
|
||||||
|
enforce-version: "latest"
|
||||||
|
audit: "privileged"
|
||||||
|
audit-version: "latest"
|
||||||
|
warn: "privileged"
|
||||||
|
warn-version: "latest"
|
||||||
|
exemptions:
|
||||||
|
# Array of authenticated usernames to exempt.
|
||||||
|
usernames: []
|
||||||
|
# Array of runtime class names to exempt.
|
||||||
|
runtimeClasses: []
|
||||||
|
# Array of namespaces to exempt.
|
||||||
|
namespaces: []
|
||||||
|
- name: pod-node-selector
|
||||||
|
mountPath: "/etc/kubernetes/pod-node-selector.yaml"
|
||||||
|
readOnly: true
|
||||||
|
pathType: "File"
|
||||||
|
content: |
|
||||||
|
podNodeSelectorPluginConfig:
|
||||||
|
clusterDefaultNodeSelector: name-of-node-selector
|
||||||
|
namespace1: name-of-node-selector
|
||||||
|
namespace2: name-of-node-selector
|
||||||
|
|
||||||
The example below enables kubernetes auditing which requires an
|
The example below enables kubernetes auditing which requires an
|
||||||
audit-policy-file.yaml file to specify the details of what events should be
|
audit-policy-file.yaml file to specify the details of what events should be
|
||||||
|