
Sample PodSecurityConfiguration

The following PodSecurityConfiguration contains the Rancher namespace exemptions that a rancher-restricted cluster needs in order to run properly.

apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
  - name: PodSecurity
    configuration:
      apiVersion: pod-security.admission.config.k8s.io/v1
      kind: PodSecurityConfiguration
      defaults:
        enforce: "restricted"
        enforce-version: "latest"
        audit: "restricted"
        audit-version: "latest"
        warn: "restricted"
        warn-version: "latest"
      exemptions:
        namespaces:
        - calico-apiserver
        - calico-system
        - cattle-alerting
        - cattle-capi-system
        - cattle-csp-adapter-system
        - cattle-elemental-system
        - cattle-epinio-system
        - cattle-externalip-system
        - cattle-fleet-local-system
        - cattle-fleet-system
        - cattle-gatekeeper-system
        - cattle-global-data
        - cattle-global-nt
        - cattle-impersonation-system
        - cattle-istio
        - cattle-istio-system
        - cattle-logging
        - cattle-logging-system
        - cattle-monitoring-system
        - cattle-neuvector-system
        - cattle-prometheus
        - cattle-provisioning-capi-system
        - cattle-resources-system
        - cattle-sriov-system
        - cattle-system
        - cattle-turtles-system
        - cattle-ui-plugin-system
        - cattle-windows-gmsa-system
        - cert-manager
        - cis-operator-system
        - compliance-operator-system
        - fleet-default
        - fleet-local
        - istio-system
        - kube-node-lease
        - kube-public
        - kube-system
        - longhorn-system
        - rancher-alerting-drivers
        - rancher-compliance-system
        - security-scan
        - sr-operator-system
        - tigera-operator
        - traefik
        runtimeClasses: []
        usernames: []
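
Pod Security admission does not evaluate pods in namespaces listed under `exemptions`, so the list is worth reviewing against the namespaces that actually exist in the cluster. The following Python check is an added example, not part of the Rancher documentation; the function names, the shortened sample configuration and the namespace list are constructed for illustration.

```python
# Constructed excerpt in the same layout as the configuration on this page.
SAMPLE_CONFIG = """\
plugins:
  - name: PodSecurity
    configuration:
      kind: PodSecurityConfiguration
      defaults:
        enforce: "restricted"
      exemptions:
        namespaces:
        - cattle-system
        - cattle-istio
        - kube-system
        - longhorn-system
        runtimeClasses: []
        usernames: []
"""

def exempt_namespaces(config_text):
    """Names under exemptions.namespaces. Line scanner for this page's
    block-list layout only; it is not a general YAML parser."""
    names, in_list = [], False
    for line in config_text.splitlines():
        stripped = line.strip()
        if stripped == "namespaces:":
            in_list = True
        elif in_list and stripped.startswith("- "):
            names.append(stripped[2:].strip().strip("\"'"))
        elif in_list and stripped:
            break  # first non-list key (runtimeClasses) ends the block
    return names

def audit_exemptions(config_text, live_namespaces):
    """Compare the exemption list with the namespaces present in a cluster."""
    exempt = set(exempt_namespaces(config_text))
    live = set(live_namespaces)
    return {
        "stale_exemptions": sorted(exempt - live),  # exempted, absent from cluster
        "unchecked": sorted(exempt & live),         # present and skipped by PodSecurity
        "enforced": sorted(live - exempt),          # receive the configured defaults
    }

if __name__ == "__main__":
    # Constructed list; in practice take it from `kubectl get namespaces -o name`
    # with the "namespace/" prefix removed.
    live = ["cattle-system", "kube-system", "default", "team-a"]
    for key, value in audit_exemptions(SAMPLE_CONFIG, live).items():
        print(f"{key}: {value}")
```

An exempted name with no matching namespace is a candidate for removal, because a namespace created under that name later would not be checked.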