DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

adjust enforce level statement

Browse source
This commit is contained in:
phuhung273 2024-10-15 19:58:32 +07:00 committed by k8s-infra-cherrypick-robot
parent 2069524fba
commit 541def26a4
2 changed files with 5 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
charts/ingress-nginx/README.md
View file

@ -233,9 +233,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
### Pod Security Admission ### Pod Security Admission
You can use PSA by applying label to `ingress-nginx` namespace as instructed by [Pod Security Admission](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels/) You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels).
For now, highest level can be <strong>enforced</strong> is `baseline`
Example: Example:
@ -243,12 +241,12 @@ Example:
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: ingress-nginx
labels: labels:
pod-security.kubernetes.io/enforce: baseline
pod-security.kubernetes.io/enforce-version: v1.31
kubernetes.io/metadata.name: ingress-nginx kubernetes.io/metadata.name: ingress-nginx
name: ingress-nginx name: ingress-nginx
name: ingress-nginx pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/enforce-version: v1.31
``` ```
## Values ## Values

4
charts/ingress-nginx/README.md.gotmpl
View file

@ -230,8 +230,6 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels). You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels).
For now, the highest level, which can be enforced, is `baseline`.
Example: Example:
```yaml ```yaml
@ -242,7 +240,7 @@ metadata:
labels: labels:
kubernetes.io/metadata.name: ingress-nginx kubernetes.io/metadata.name: ingress-nginx
name: ingress-nginx name: ingress-nginx
pod-security.kubernetes.io/enforce: baseline pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/enforce-version: v1.31 pod-security.kubernetes.io/enforce-version: v1.31
``` ```