epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2025-12-13 21:34:40 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d744e3fb9248d90417aac7fa6aa13bb1d3f29b41
kubespray/roles/kubernetes/control-plane/templates/podsecurity.yaml.j2
k8s-infra-cherrypick-robot d744e3fb92 Fix: Change "empty" definition for PodSecurity Admission configuration (#12477) 
Fixes a bug where `kube-apiserver` fails to start if the PodSecurity
configuration file doesn't have the `apiVersion` and `kind` keys.

Signed-off-by: Alejandro Macedo <alex.macedopereira@gmail.com>
Co-authored-by: Alejandro Macedo <alex.macedopereira@gmail.com>
2025-08-19 03:45:36 -07:00

18 lines
842 B
Django/Jinja
Raw Blame History

apiVersion: pod-security.admission.config.k8s.io/v1
kind: PodSecurityConfiguration
{% if kube_pod_security_use_default %}
defaults:
enforce: "{{ kube_pod_security_default_enforce }}"
enforce-version: "{{ kube_pod_security_default_enforce_version }}"
audit: "{{ kube_pod_security_default_audit }}"
audit-version: "{{ kube_pod_security_default_audit_version }}"
warn: "{{ kube_pod_security_default_warn }}"
warn-version: "{{ kube_pod_security_default_warn_version }}"
exemptions:
usernames: {{ kube_pod_security_exemptions_usernames | to_json }}
runtimeClasses: {{ kube_pod_security_exemptions_runtime_class_names | to_json }}
namespaces: {{ kube_pod_security_exemptions_namespaces | to_json }}
{% else %}
# This file is intentinally left empty as kube_pod_security_use_default={{ kube_pod_security_use_default }}
{% endif %}
Reference in New Issue View Git Blame Copy Permalink