Update documentation with PSP removal (#3360)

* Update documentation with PSP removal * typos * Fix docs
rancher · Oct 13, 2022 · 532aed3 · 532aed3
1 parent 426b599
commit 532aed3
Show file tree

Hide file tree

Showing 9 changed files with 2,846 additions and 12 deletions.
diff --git a/docs/install/install_options/linux_agent_config.md b/docs/install/install_options/linux_agent_config.md
@@ -51,7 +51,7 @@ OPTIONS:
    --kubelet-path value                          (experimental/agent) Override kubelet binary path [$RKE2_KUBELET_PATH]
    --cloud-provider-name value                   (cloud provider) Cloud provider name [$RKE2_CLOUD_PROVIDER_NAME]
    --cloud-provider-config value                 (cloud provider) Cloud provider configuration file path [$RKE2_CLOUD_PROVIDER_CONFIG]
-   --profile value                               (security) Validate system configuration against the selected benchmark (valid items: cis-1.5, cis-1.6 ) [$RKE2_CIS_PROFILE]
+   --profile value                               (security) Validate system configuration against the selected benchmark (valid items: cis-1.23 ) [$RKE2_CIS_PROFILE]
    --audit-policy-file value                     (security) Path to the file that defines the audit policy configuration [$RKE2_AUDIT_POLICY_FILE]
    --control-plane-resource-requests value       (components) Control Plane resource requests [$RKE2_CONTROL_PLANE_RESOURCE_REQUESTS]
    --control-plane-resource-limits value         (components) Control Plane resource limits [$RKE2_CONTROL_PLANE_RESOURCE_LIMITS]

diff --git a/docs/install/install_options/server_config.md b/docs/install/install_options/server_config.md
@@ -87,7 +87,7 @@ OPTIONS:
    --kubelet-path value                          (experimental/agent) Override kubelet binary path [$RKE2_KUBELET_PATH]
    --cloud-provider-name value                   (cloud provider) Cloud provider name [$RKE2_CLOUD_PROVIDER_NAME]
    --cloud-provider-config value                 (cloud provider) Cloud provider configuration file path [$RKE2_CLOUD_PROVIDER_CONFIG]
-   --profile value                               (security) Validate system configuration against the selected benchmark (valid items: cis-1.5, cis-1.6 ) [$RKE2_CIS_PROFILE]
+   --profile value                               (security) Validate system configuration against the selected benchmark (valid items: cis-1.23 ) [$RKE2_CIS_PROFILE]
    --audit-policy-file value                     (security) Path to the file that defines the audit policy configuration [$RKE2_AUDIT_POLICY_FILE]
    --control-plane-resource-requests value       (components) Control Plane resource requests [$RKE2_CONTROL_PLANE_RESOURCE_REQUESTS]
    --control-plane-resource-limits value         (components) Control Plane resource limits [$RKE2_CONTROL_PLANE_RESOURCE_LIMITS]

diff --git a/docs/install/install_options/windows_agent_config.md b/docs/install/install_options/windows_agent_config.md
@@ -52,7 +52,7 @@ ill also be used for the apiserver client load-balancer. (default: 6444) [%RKE2_
    --kubelet-path value                          (experimental/agent) Override kubelet binary path [%RKE2_KUBELET_PATH%]
    --cloud-provider-name value                   (cloud provider) Cloud provider name [%RKE2_CLOUD_PROVIDER_NAME%]
    --cloud-provider-config value                 (cloud provider) Cloud provider configuration file path [%RKE2_CLOUD_PROVIDER_CONFIG%]
-   --profile value                               (security) Validate system configuration against the selected benchmark (valid items: cis-1.5, cis-1.6 ) [%RKE2_CIS_PROFILE%]
+   --profile value                               (security) Validate system configuration against the selected benchmark (valid items: cis-1.23 ) [%RKE2_CIS_PROFILE%]
    --audit-policy-file value                     (security) Path to the file that defines the audit policy configuration [%RKE2_AUDIT_POLICY_FILE%]
    --control-plane-resource-requests value       (components) Control Plane resource requests [%RKE2_CONTROL_PLANE_RESOURCE_REQUESTS%]
    --control-plane-resource-limits value         (components) Control Plane resource limits [%RKE2_CONTROL_PLANE_RESOURCE_LIMITS%]

diff --git a/docs/known_issues.md b/docs/known_issues.md
@@ -116,7 +116,7 @@ There are two ways to resolve this. You can either manually remove unused IPs fr
 
 ## Ingress in CIS Mode
 
-By default, when RKE2 is run with the `profile: cis-1.6` parameter, it applies network policies that can be restrictive for ingress. This, coupled with the `rke2-ingress-nginx` chart having `hostNetwork: false` by default, requires users to set network policies of their own to allow access to the ingress URLs. Below is an example networkpolicy that allows ingress to any workload in the namespace it is applied in. See https://kubernetes.io/docs/concepts/services-networking/network-policies/ for more configuration options.
+By default, when RKE2 is run with a CIS profile selected by the `profile` parameter, it applies network policies that can be restrictive for ingress. This, coupled with the `rke2-ingress-nginx` chart having `hostNetwork: false` by default, requires users to set network policies of their own to allow access to the ingress URLs. Below is an example networkpolicy that allows ingress to any workload in the namespace it is applied in. See https://kubernetes.io/docs/concepts/services-networking/network-policies/ for more configuration options.
 ```yaml
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy