mirror of
https://github.com/gwg313/homelab-gitops.git
synced 2026-06-23 15:38:02 +00:00
initial commit
commit
471f30f0b1
13 changed files with 286 additions and 0 deletions
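--- a/security/namespace-policies.yaml
+++ b/security/namespace-policies.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: secure-default
+labels:
+pod-security.kubernetes.io/enforce: "restricted"
+pod-security.kubernetes.io/enforce-version: "latest"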
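Review bot: The namespace sets only the `enforce` labels, and Pod Security admission applies `enforce` to Pod objects only, so a Deployment or Job that violates `restricted` is accepted and its pods are rejected later, at the controller level. Adding `pod-security.kubernetes.io/warn: "restricted"` and `pod-security.kubernetes.io/audit: "restricted"` next to it surfaces the violation at apply time and in the audit log. `enforce-version: "latest"` also means the effective rule set moves with every cluster upgrade; pinning it to the cluster's minor version keeps an upgrade from silently tightening the policy, at the cost of bumping it by hand. A comment such as `# PSA restricted: enforce acts on Pods only; warn/audit cover workload controllers` would record this for the next reader.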
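--- a/security/network-policies.yaml
+++ b/security/network-policies.yaml
@@ -0,0 +1,10 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+name: default-deny-all
+namespace: secure-default
+spec:
+podSelector: {}
+policyTypes:
+- Ingress
+- Egress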
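Review bot: `default-deny-all` only takes effect when the cluster's CNI plugin enforces NetworkPolicy; on a plugin that does not, the API server accepts the object and no traffic is blocked, so the file should carry a comment naming that dependency, e.g. `# Requires a NetworkPolicy-enforcing CNI; verify with a test pod after install`. With `Egress` in `policyTypes` and no egress rules, pods in `secure-default` also lose DNS resolution, and no allow policy for it is visible in this section (the commit's other files are not shown here, so one may exist elsewhere). The policy is scoped by `namespace: secure-default`, so every other namespace stays default-allow unless it gets its own copy.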
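--- a/security/rbac.yaml
+++ b/security/rbac.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: readonly-users
+subjects:
+- kind: Group
+name: readonly
+apiGroup: rbac.authorization.k8s.io
+roleRef:
+kind: ClusterRole
+name: view
+apiGroup: rbac.authorization.k8s.io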
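Review bot: The `readonly-users` binding grants `view` at cluster scope, which excludes Secrets but still covers ConfigMaps and pod logs in every namespace, `kube-system` included; if the readers only need particular namespaces, a per-namespace `RoleBinding` with the same `roleRef` narrows that. The subject `readonly` is a bare group name taken from whatever the authenticator asserts (a client-certificate organization or an OIDC groups claim), so any credential issued with that group gets this access. A comment stating the expected identity source would help, e.g. `# Group "readonly" is asserted by <identity provider placeholder>; do not reuse this name in other auth sources`. If OIDC is in use, setting a groups prefix on the API server avoids collisions with groups from other authenticators.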