c12s-kubespray/roles/kubernetes/control-plane/templates/podsecurity.yaml.j2

{% if kube_pod_security_use_default %}
apiVersion: pod-security.admission.config.k8s.io/v1beta1
kind: PodSecurityConfiguration
defaults:
  enforce: "{{ kube_pod_security_default_enforce }}"
  enforce-version: "{{ kube_pod_security_default_enforce_version }}"
  audit: "{{ kube_pod_security_default_audit }}"
  audit-version: "{{ kube_pod_security_default_audit_version }}"
  warn: "{{ kube_pod_security_default_warn }}"
  warn-version: "{{ kube_pod_security_default_warn_version }}"
exemptions:
  usernames: {{ kube_pod_security_exemptions_usernames|to_json }}
  runtimeClasses: {{ kube_pod_security_exemptions_runtime_class_names|to_json }}
  namespaces: {{ kube_pod_security_exemptions_namespaces|to_json }}
{% else %}
# This file is intentinally left empty as kube_pod_security_use_default={{ kube_pod_security_use_default }}
{% endif %}