website/content/en/docs/best-practices/pod-security-standards.md
Lines changed: 6 additions & 7 deletions
@@ -82,9 +82,7 @@ dep:= &appsv1.Deployment{
82
82
83
83
**Note:** For Ansible- and Helm-based Operator projects, your Ansible playbooks or Helm charts must create manifests that comply with the requirements.
84
84
85
-
**OR**
86
-
87
-
- B) **For workloads that need elevated permissions:** Ensure the namespace has the appropriate enforcement level label as shown in the following example.
85
+
-**For workloads that need elevated permissions:** Ensure the namespace has the appropriate enforcement level label as shown in the following example.
88
86
You might need include this in the installation documentation for your Operator. While the label syncer should handle this for you in most cases, it is a good practice for Operators to explicitly state its requirements.
89
87
90
88
```yaml
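Review bot: The added line at new line 85 starts with `-**For workloads` with no space after the hyphen, so Markdown will not treat it as a list item and will render a literal hyphen in front of the bold text. Use `- **For workloads that need elevated permissions:**` if a bullet is intended, or drop the hyphen entirely. Removing `**OR**` and the `B)` prefix also drops the cue that this paragraph is an alternative to the option before it, so check that the preceding text still reads correctly without it. While this paragraph is being touched, the context line at 86 could be corrected to "You might need to include this" and "to explicitly state their requirements".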
@@ -96,10 +94,11 @@ You might need include this in the installation documentation for your Operator.
96
94
```
97
95
98
96
**You should ensure the configuration is carried to the Pod/Containers on the bundle CSV (install.spec.deployments.containers).**
97
+
99
98
To check an example of CSV which complies with the [restrictive][restricted] policy, see the Golang sample
100
99
under the [testdata/go/v3/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml](https://github.com/kubernetes-sigs/kubebuilder/blob/master/testdata/go/v3/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml)
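Review bot: The context line at new line 98 labels the policy "restrictive" in `[restrictive][restricted]`, while the link reference it resolves to is named `restricted`; changing the link text to "restricted" would keep the wording consistent with the reference. The only change in this hunk is the blank line added at 97, so this is a good moment to fix it. The sample link on line 99 points at `blob/master`, so its target can move or disappear over time; pinning it to a tag or commit would keep the example reachable. The field path in the bold sentence on line 96, `install.spec.deployments.containers`, would also read better as inline code.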