This PR does the following updates to the CIS guide:
Reorgs Host-level requirements a bit. Instead of having two sections, one describing what is needed and the other one "how to configure it", I merged both and the "how to configure it" comes right after each subsection. I think it makes it more readable.
This PR does the following updates to the CIS guide:
Host-level requirementsa bit. Instead of having two sections, one describing what is needed and the other one "how to configure it", I merged both and the "how to configure it" comes right after each subsection. I think it makes it more readable.tigera-operatornamespace is included as exception in the section describing where restricted pod security standard is applied: https://github.com/rancher/rke2/blob/master/pkg/rke2/psa.go#L58kube-node-leasenamespace from the list of namespaces where the network policies are applied. We are only adding a restricted service account on that namespace: https://github.com/rancher/rke2/blob/master/pkg/rke2/serviceaccount.go#L82