DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

adjust enforce level statement

Browse source
This commit is contained in:
phuhung273 2024-10-15 19:58:32 +07:00
parent 44a2831d0d
commit c812563a13
2 changed files with 5 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
charts/ingress-nginx/README.md
View file

@ -233,9 +233,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
### Pod Security Admission
You can use PSA by applying label to `ingress-nginx` namespace as instructed by [Pod Security Admission](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels/)
For now, highest level can be <strong>enforced</strong> is `baseline`
You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels).
Example:
@ -243,12 +241,12 @@ Example:
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
labels:
pod-security.kubernetes.io/enforce: baseline
pod-security.kubernetes.io/enforce-version: v1.31
kubernetes.io/metadata.name: ingress-nginx
name: ingress-nginx
name: ingress-nginx
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/enforce-version: v1.31
```
## Values

4
charts/ingress-nginx/README.md.gotmpl
View file

@ -230,8 +230,6 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels).
For now, the highest level, which can be enforced, is `baseline`.
Example:
```yaml
@ -242,7 +240,7 @@ metadata:
labels:
kubernetes.io/metadata.name: ingress-nginx
name: ingress-nginx
pod-security.kubernetes.io/enforce: baseline
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/enforce-version: v1.31
```