Skip to content

Commit ed1999a

Browse files
openshift-merge-robotopenshift-merge-robot
authored
Merge pull request #1369 from stlaz/psa_restrict_globally
make PodSecurity admission enforce restricted globally
2 parents 1675f29 + fe24732 commit ed1999a

File tree

1 file changed

+1
-5
lines changed

1 file changed

+1
-5
lines changed

bindata/assets/config/defaultconfig.yaml

+1-5
Original file line numberDiff line numberDiff line change
@@ -14,12 +14,8 @@ admission:
1414
kind: PodSecurityConfiguration
1515
apiVersion: pod-security.admission.config.k8s.io/v1beta1
1616
defaults:
17-
enforce: "privileged"
17+
enforce: "restricted"
1818
enforce-version: "latest"
19-
audit: "restricted"
20-
audit-version: "latest"
21-
warn: "restricted"
22-
warn-version: "latest"
2319
exemptions:
2420
usernames:
2521
# The build controller creates pods that are likely to be privileged

0 commit comments

Comments
 (0)