Skip to content

Commit

Permalink
Merge pull request #1045 from jodavis-suse/release-caasp-4.2.0
Browse files Browse the repository at this point in the history 
Backport #1043 - Fix PSP for kubelet disarm job, bsc#1138908
  • Loading branch information
Danny Sauer authored Apr 14, 2020
2 parents 7fa7bf7 + 8b18bbd commit 7632d9e
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 1 deletion.
19 changes: 19 additions & 0 deletions internal/pkg/skuba/addons/psp.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,25 @@ subjects:
name: kube-proxy
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-disarm
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: suse:caasp:psp:kube-disarm
roleRef:
kind: ClusterRole
name: suse:caasp:psp:privileged
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: kube-disarm
namespace: kube-system
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
Expand Down
1 change: 1 addition & 0 deletions internal/pkg/skuba/kubernetes/kubelet.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,7 @@ func disarmKubeletJobSpec(node *v1.Node, clusterVersion *version.Version) batchv
return batchv1.JobSpec{
Template: v1.PodTemplateSpec{
Spec: v1.PodSpec{
ServiceAccountName: "kube-disarm",
Containers: []v1.Container{
{
Name: disarmKubeletJobName(node),
Expand Down
2 changes: 1 addition & 1 deletion internal/pkg/skuba/kubernetes/versions.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ var (
Kured: &AddonVersion{"1.3.0", 4},
Dex: &AddonVersion{"2.16.0", 5},
Gangway: &AddonVersion{"3.1.0-rev4", 4},
PSP: &AddonVersion{"", 2},
PSP: &AddonVersion{"", 3},
},
},
"1.16.2": KubernetesVersion{
Expand Down

0 comments on commit 7632d9e

Please sign in to comment.