Skip to content

Commit

Permalink
Merge pull request #1331 from jordimassaguerpla/fix_psp_backport
Browse files Browse the repository at this point in the history 
Fix kucero PSP (bsc#1175352)
  • Loading branch information
@jordimassaguerpla
jordimassaguerpla authored Aug 18, 2020
2 parents d9847d8 + 359961b commit 2a926c9
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 33 deletions.
45 changes: 13 additions & 32 deletions internal/pkg/skuba/addons/kucero.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,30 +49,6 @@ metadata:
name: kucero
namespace: kube-system
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: kucero
spec:
allowedHostPaths:
- pathPrefix: /etc/kubernetes/pki
readOnly: true
- pathPrefix: /var/lib/kubelet/pki
readOnly: true
fsGroup:
rule: RunAsAny
hostPID: true
privileged: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- secret
- hostPath
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
Expand Down Expand Up @@ -146,14 +122,6 @@ rules:
- pods/eviction
verbs:
- create
- apiGroups:
- extensions
resourceNames:
- kucero
resources:
- podsecuritypolicies
verbs:
- use
- apiGroups:
- certificates.k8s.io
resourceNames:
Expand Down Expand Up @@ -225,6 +193,19 @@ subjects:
name: kucero
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: suse:caasp:psp:kucero
roleRef:
kind: ClusterRole
name: suse:caasp:psp:privileged
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: kucero
namespace: kube-system
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
Expand Down
2 changes: 1 addition & 1 deletion internal/pkg/skuba/kubernetes/versions.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ var (
Dex: &AddonVersion{"2.23.0", 7},
Gangway: &AddonVersion{"3.1.0-rev5", 5},
MetricsServer: &AddonVersion{"0.3.6", 0},
Kucero: &AddonVersion{"1.1.1", 0},
Kucero: &AddonVersion{"1.1.1", 1},
PSP: &AddonVersion{"", 2},
},
},
Expand Down

0 comments on commit 2a926c9

Please sign in to comment.