Kubernetes custom configuration rework

removed trailing white spaces
added comments from Patchset 2
Updated example output to fix indentations
Updated kubernetes-custom-configuration-31c1fd41857d.rst

Signed-off-by: Oliver Loten <Oliver.Loten@windriver.com>
Change-Id: Idbc0f9a03fbcc67f075367cdfba18a3053228a95
Oliver Loten 2022-07-13 14:29:24 -04:00
parent 65a9de5869
commit e965208807
2 changed files with 45 additions and 42 deletions

doc/source/.vscode/settings.json vendored Normal file
@ -0,0 +1,3 @@
{
"esbonio.sphinx.confDir": ""
}
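
Review bot: doc/source/.vscode/settings.json is a per-developer editor file (its only key is "esbonio.sphinx.confDir", left as an empty string), and the commit message, which describes only whitespace, indentation and .rst updates, does not mention it. Drop it from this change; if it keeps getting picked up, ignore .vscode/ in the doc tree rather than committing it.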


@ -137,7 +137,7 @@ configuration file. The contents of these files are configured in the
bootstrap overrides (localhost.yml) with the apiserver_extra_volumes, bootstrap overrides (localhost.yml) with the apiserver_extra_volumes,
controllermanager_extra_volumes and scheduler_extra_volumes definitions. controllermanager_extra_volumes and scheduler_extra_volumes definitions.
For instance, if admission plugins are configured and need additinal For instance, if admission plugins are configured and need additional
configuration, that configuration should be set in a specific file referenced configuration, that configuration should be set in a specific file referenced
by the **admission-control-config-file** parameter. by the **admission-control-config-file** parameter.
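
Review bot: style point on the paragraph touched by the "additional" fix: admission-control-config-file is marked up in bold, while apiserver_extra_volumes, controllermanager_extra_volumes, scheduler_extra_volumes and localhost.yml in the same paragraph are plain text. Since the line is being edited anyway, put all of these parameter and file names in inline literals so they render consistently and cannot be re-wrapped or hyphenated by the builder.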
@ -158,47 +158,47 @@ Example usage:
mountPath: "/etc/kubernetes/admission-control-config-file.yaml" mountPath: "/etc/kubernetes/admission-control-config-file.yaml"
readOnly: true readOnly: true
pathType: "File" pathType: "File"
content: |
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1beta1
kind: PodSecurityConfiguration
# Defaults applied when a mode label is not set.
#
# Level label values must be one of:
# - "privileged" (default)
# - "baseline"
# - "restricted"
#
# Version label values must be one of:
# - "latest" (default)
# - specific version like "v1.24"
defaults:
enforce: "privileged"
enforce-version: "latest"
audit: "privileged"
audit-version: "latest"
warn: "privileged"
warn-version: "latest"
exemptions:
# Array of authenticated usernames to exempt.
usernames: []
# Array of runtime class names to exempt.
runtimeClasses: []
# Array of namespaces to exempt.
namespaces: []
- name: pod-node-selector
mountPath: "/etc/kubernetes/pod-node-selector.yaml"
readOnly: true
pathType: "File"
content: | content: |
podNodeSelectorPluginConfig: apiVersion: apiserver.config.k8s.io/v1
clusterDefaultNodeSelector: name-of-node-selector kind: AdmissionConfiguration
namespace1: name-of-node-selector plugins:
namespace2: name-of-node-selector - name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1beta1
kind: PodSecurityConfiguration
# Defaults applied when a mode label is not set.
#
# Level label values must be one of:
# - "privileged" (default)
# - "baseline"
# - "restricted"
#
# Version label values must be one of:
# - "latest" (default)
# - specific version like "v1.24"
defaults:
enforce: "privileged"
enforce-version: "latest"
audit: "privileged"
audit-version: "latest"
warn: "privileged"
warn-version: "latest"
exemptions:
# Array of authenticated usernames to exempt.
usernames: []
# Array of runtime class names to exempt.
runtimeClasses: []
# Array of namespaces to exempt.
namespaces: []
- name: pod-node-selector
mountPath: "/etc/kubernetes/pod-node-selector.yaml"
readOnly: true
pathType: "File"
content: |
podNodeSelectorPluginConfig:
clusterDefaultNodeSelector: name-of-node-selector
namespace1: name-of-node-selector
namespace2: name-of-node-selector
The example below enables kubernetes auditing which requires an The example below enables kubernetes auditing which requires an
audit-policy-file.yaml file to specify the details of what events should be audit-policy-file.yaml file to specify the details of what events should be
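
Review bot: in the PodSecurity example, the defaults block sets enforce, audit and warn all to "privileged", which the comment directly above lists as the default level, so a reader who copies the block gets an admission configuration that rejects and flags nothing. Either say so in the text next to the example or show audit and warn at "baseline" so the sample has a visible effect. The block also uses apiVersion pod-security.admission.config.k8s.io/v1beta1 while the comment cites "v1.24" as a version label; add a sentence stating which Kubernetes release the example is written for. Minor: "kubernetes auditing" in the following paragraph should be capitalised as "Kubernetes".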