merge pull request #31 from zackbradys/main

updated values for cis profiles and selinux

charts/cluster-templates/values-aws.yaml

@@ -55,8 +55,8 @@ cluster:
       disable_cloud_controller: false
       disable_kube_proxy: false
       etcd_expose_metrics: false
-      profile: '' # cis-1.6, cis-1.23
-      selinux: false
+      profile: '' # cis, cis-1.23, or cis-1.6 # https://docs.rke2.io/security/hardening_guide
+      selinux: false # rke2-selinux and container-selinux be installed on the nodes # https://docs.rke2.io/security/selinux
       secrets_encryption: false
       write_kubeconfig_mode: 0600
       use_service_account_credentials: false

charts/cluster-templates/values-custom.yaml

@@ -52,8 +52,8 @@ cluster:
       disable_cloud_controller: false
       disable_kube_proxy: false
       etcd_expose_metrics: false
-      profile: '' # cis-1.6, cis-1.23
-      selinux: false
+      profile: '' # cis, cis-1.23, or cis-1.6 # https://docs.rke2.io/security/hardening_guide
+      selinux: false # rke2-selinux and container-selinux be installed on the nodes # https://docs.rke2.io/security/selinux
       secrets_encryption: false
       write_kubeconfig_mode: 0600
       use_service_account_credentials: false

charts/cluster-templates/values-digitalocean.yaml

@@ -55,8 +55,8 @@ cluster:
       disable_cloud_controller: false
       disable_kube_proxy: false
       etcd_expose_metrics: false
-      profile: '' # cis-1.6, cis-1.23
-      selinux: false
+      profile: '' # cis, cis-1.23, or cis-1.6 # https://docs.rke2.io/security/hardening_guide
+      selinux: false # rke2-selinux and container-selinux be installed on the nodes # https://docs.rke2.io/security/selinux
       secrets_encryption: false
       write_kubeconfig_mode: 0600
       use_service_account_credentials: false

charts/cluster-templates/values-elemental.yaml

@@ -55,8 +55,8 @@ cluster:
       disable_cloud_controller: false
       disable_kube_proxy: false
       etcd_expose_metrics: false
-      profile: '' # cis-1.6, cis-1.23
-      selinux: false
+      profile: '' # cis, cis-1.23, or cis-1.6 # https://docs.rke2.io/security/hardening_guide
+      selinux: false # rke2-selinux and container-selinux be installed on the nodes # https://docs.rke2.io/security/selinux
       secrets_encryption: false
       write_kubeconfig_mode: 0600
       use_service_account_credentials: false

charts/cluster-templates/values-harvester.yaml

@@ -55,8 +55,8 @@ cluster:
       disable_cloud_controller: false
       disable_kube_proxy: false
       etcd_expose_metrics: false
-      profile: '' # cis-1.6, cis-1.23
-      selinux: false
+      profile: '' # cis, cis-1.23, or cis-1.6 # https://docs.rke2.io/security/hardening_guide
+      selinux: false # rke2-selinux and container-selinux be installed on the nodes # https://docs.rke2.io/security/selinux
       secrets_encryption: false
       write_kubeconfig_mode: 0600
       use_service_account_credentials: false

charts/cluster-templates/values.yaml

@@ -61,8 +61,8 @@ cluster:
       disable_cloud_controller: false
       disable_kube_proxy: false
       etcd_expose_metrics: false
-      profile: '' # cis-1.6, cis-1.23
-      selinux: false
+      profile: '' # cis, cis-1.23, or cis-1.6 # https://docs.rke2.io/security/hardening_guide
+      selinux: false # rke2-selinux and container-selinux be installed on the nodes # https://docs.rke2.io/security/selinux
       secrets_encryption: false
       write_kubeconfig_mode: 0600
       use_service_account_credentials: false