Remove PodSecurityPolicies in Calico (#9395)
This commit is contained in:
parent
72b45eec2e
commit
32f3d92d6b
1 changed files with 0 additions and 32 deletions
|
@ -285,35 +285,3 @@ subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: calico-apiserver
|
name: calico-apiserver
|
||||||
namespace: calico-apiserver
|
namespace: calico-apiserver
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
apiVersion: policy/v1beta1
|
|
||||||
kind: PodSecurityPolicy
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
|
|
||||||
name: calico-apiserver
|
|
||||||
spec:
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
fsGroup:
|
|
||||||
ranges:
|
|
||||||
- max: 65535
|
|
||||||
min: 1
|
|
||||||
rule: MustRunAs
|
|
||||||
hostPorts:
|
|
||||||
- max: 65535
|
|
||||||
min: 0
|
|
||||||
requiredDropCapabilities:
|
|
||||||
- ALL
|
|
||||||
runAsUser:
|
|
||||||
rule: RunAsAny
|
|
||||||
seLinux:
|
|
||||||
rule: RunAsAny
|
|
||||||
supplementalGroups:
|
|
||||||
ranges:
|
|
||||||
- max: 65535
|
|
||||||
min: 1
|
|
||||||
rule: MustRunAs
|
|
||||||
volumes:
|
|
||||||
- secret
|
|
||||||
|
|
Loading…
Reference in a new issue