github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 19:56:01 +00:00
Code Issues Projects Releases Wiki Activity

PodSecurity: add resource quota for clusters that limit cluster-critical by default

Browse Source
This commit is contained in:
Jordan Liggitt 2021-10-27 13:01:41 -04:00
parent a356c32797
commit 09e9ba99ab
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
staging/src/k8s.io/pod-security-admission/webhook/manifests/20-resourcequota.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: ResourceQuota
metadata:
name: pod-security-webhook
namespace: pod-security-webhook
spec:
hard:
pods: 3
scopeSelector:
matchExpressions:
- operator: In
scopeName: PriorityClass
values:
- system-cluster-critical

1
staging/src/k8s.io/pod-security-admission/webhook/manifests/kustomization.yaml
View File

@ -2,6 +2,7 @@ resources:
- 10-namespace.yaml - 10-namespace.yaml
- 20-configmap.yaml - 20-configmap.yaml
- 20-serviceaccount.yaml - 20-serviceaccount.yaml
- 20-resourcequota.yaml
- 30-clusterrole.yaml - 30-clusterrole.yaml
- 40-clusterrolebinding.yaml - 40-clusterrolebinding.yaml
- 50-deployment.yaml - 50-deployment.yaml