ghndrx/k8s-manifests
1
0
Fork 0
mirror of https://github.com/ghndrx/k8s-manifests.git synced 2026-02-10 06:45:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(deployments): add PSS-restricted base template with Kustomize

Browse Source 
- Namespace with Pod Security Standards restricted enforcement
- Deployment with full security context (non-root, read-only fs, no caps)
- Resource limits, health probes, topology spread
- Service and comprehensive README
- Kustomize structure for overlay-based customization
This commit is contained in:
Greg Hendrickson
2026-01-31 18:01:18 +00:00
parent 2b8954d54b
commit ef86c1a6c7
5 changed files with 220 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
deployments/base/namespace.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: Namespace
metadata:
name: app-production
labels:
# Pod Security Standards - enforce restricted profile
# See: https://kubernetes.io/docs/concepts/security/pod-security-standards/
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/enforce-version: latest
pod-security.kubernetes.io/audit: restricted
pod-security.kubernetes.io/audit-version: latest
pod-security.kubernetes.io/warn: restricted
pod-security.kubernetes.io/warn-version: latest