diff --git a/examples/psp/psp.yaml b/examples/psp/psp.yaml index f840103bd..2d57d8d27 100644 --- a/examples/psp/psp.yaml +++ b/examples/psp/psp.yaml @@ -8,49 +8,37 @@ metadata: apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: - annotations: - # Assumes apparmor available - apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' - apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' - seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' name: ingress-nginx + namespace: ingress-nginx spec: allowedCapabilities: - - NET_BIND_SERVICE - allowPrivilegeEscalation: true - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - hostIPC: false - hostNetwork: false - hostPID: false - hostPorts: - - min: 80 - max: 65535 + - NET_BIND_SERVICE privileged: false - readOnlyRootFilesystem: false - runAsUser: - rule: 'MustRunAsNonRoot' - ranges: - - min: 101 - max: 65535 - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 + allowPrivilegeEscalation: true + # Allow core volume types. volumes: - - 'configMap' - - 'downwardAPI' - - 'emptyDir' - - 'projected' - - 'secret' + - configMap + - secret + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + seLinux: + rule: RunAsAny --- @@ -60,14 +48,10 @@ metadata: name: ingress-nginx-psp namespace: ingress-nginx rules: -- apiGroups: - - policy - resourceNames: - - ingress-nginx - resources: - - podsecuritypolicies - verbs: - - use +- apiGroups: [policy] + resources: [podsecuritypolicies] + verbs: [use] + resourceNames: [ingress-nginx] --- @@ -84,4 +68,5 @@ subjects: - kind: ServiceAccount name: default - kind: ServiceAccount - name: nginx-ingress-serviceaccount + name: ingress-nginx + namespace: ingress-nginx diff --git a/sitemap.xml b/sitemap.xml index e5026aed6..eef15d8d3 100644 --- a/sitemap.xml +++ b/sitemap.xml @@ -1,199 +1,199 @@ https://kubernetes.github.io/ingress-nginx/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/how-it-works/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/troubleshooting/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/kubectl-plugin/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/development/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/deploy/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/deploy/baremetal/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/deploy/rbac/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/deploy/upgrade/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/basic-usage/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/custom-template/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/log-format/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/cli-arguments/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/custom-errors/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/default-backend/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/fcgi-services/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/ingress-path-matching/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/external-articles/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/miscellaneous/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/monitoring/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/tls/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/third-party-addons/modsecurity/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/user-guide/third-party-addons/opentracing/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/PREREQUISITES/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/auth/basic/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/auth/client-certs/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/auth/external-auth/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/customization/configuration-snippets/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/customization/custom-configuration/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/customization/custom-errors/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/customization/custom-headers/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/customization/external-auth-headers/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/customization/ssl-dh-param/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/customization/sysctl/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/docker-registry/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/grpc/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/multi-tls/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/rewrite/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/static-ip/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/tls-termination/ - 2020-08-10 + 2020-08-11 daily https://kubernetes.github.io/ingress-nginx/examples/psp/ - 2020-08-10 + 2020-08-11 daily \ No newline at end of file diff --git a/sitemap.xml.gz b/sitemap.xml.gz index 9513e91e1..3e535d6c1 100644 Binary files a/sitemap.xml.gz and b/sitemap.xml.gz differ