From 681141b5261c519338a12ae2dfb0fb3b4a6436dd Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Wed, 13 Nov 2024 12:11:56 -0500 Subject: [PATCH] rephrase --- charts/cryostat/README.md | 2 +- charts/cryostat/values.schema.json | 2 +- charts/cryostat/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/cryostat/README.md b/charts/cryostat/README.md index 64438b6..9e01506 100644 --- a/charts/cryostat/README.md +++ b/charts/cryostat/README.md @@ -210,7 +210,7 @@ helm install cryostat ./charts/cryostat | `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `""` | | `podAnnotations` | Annotations to be applied to the Cryostat Pod | `{}` | | `podSecurityContext` | Security Context for the Cryostat Pod. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) | `{}` | -| `networkPolicy.ingress.enabled` | whether a NetworkPolicy for restricting Cryostat component Services' traffic is installed. | `true` | +| `networkPolicy.ingress.enabled` | whether a NetworkPolicy for restricting Cryostat component Pods' traffic is installed. This prevents other Pods from sending unwanted traffic to Cryostat's Pods. Traffic should flow via the Service (or Route, or other Ingress) only, not by directly targeting Pods. | `true` | | `nodeSelector` | Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | | `tolerations` | Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | | `affinity` | Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | diff --git a/charts/cryostat/values.schema.json b/charts/cryostat/values.schema.json index 306ccf6..7cc9a84 100644 --- a/charts/cryostat/values.schema.json +++ b/charts/cryostat/values.schema.json @@ -995,7 +995,7 @@ "properties": { "enabled": { "type": "boolean", - "description": "whether a NetworkPolicy for restricting Cryostat component Services' traffic is installed.", + "description": "whether a NetworkPolicy for restricting Cryostat component Pods' traffic is installed. This prevents other Pods from sending unwanted traffic to Cryostat's Pods. Traffic should flow via the Service (or Route, or other Ingress) only, not by directly targeting Pods.", "default": true } } diff --git a/charts/cryostat/values.yaml b/charts/cryostat/values.yaml index f6ed41b..afbf7d5 100644 --- a/charts/cryostat/values.yaml +++ b/charts/cryostat/values.yaml @@ -358,7 +358,7 @@ podSecurityContext: networkPolicy: ingress: - ## @param networkPolicy.ingress.enabled whether a NetworkPolicy for restricting Cryostat component Services' traffic is installed. + ## @param networkPolicy.ingress.enabled whether a NetworkPolicy for restricting Cryostat component Pods' traffic is installed. This prevents other Pods from sending unwanted traffic to Cryostat's Pods. Traffic should flow via the Service (or Route, or other Ingress) only, not by directly targeting Pods. enabled: true ## @param nodeSelector [object] Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)