Remove PodSecurityPolicies in Metallb for kubernetes 1.25 (#9442)
This commit is contained in:
parent
5e14398af4
commit
4d3f637684
1 changed files with 0 additions and 78 deletions
|
@ -5,84 +5,6 @@ metadata:
|
|||
labels:
|
||||
app: metallb
|
||||
---
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
labels:
|
||||
app: metallb
|
||||
name: controller
|
||||
spec:
|
||||
allowPrivilegeEscalation: false
|
||||
allowedCapabilities: []
|
||||
allowedHostPaths: []
|
||||
defaultAddCapabilities: []
|
||||
defaultAllowPrivilegeEscalation: false
|
||||
fsGroup:
|
||||
ranges:
|
||||
- max: 65535
|
||||
min: 1
|
||||
rule: MustRunAs
|
||||
hostIPC: false
|
||||
hostNetwork: false
|
||||
hostPID: false
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
requiredDropCapabilities:
|
||||
- ALL
|
||||
runAsUser:
|
||||
rule: MustRunAsNonRoot
|
||||
seLinux:
|
||||
rule: RunAsAny
|
||||
supplementalGroups:
|
||||
ranges:
|
||||
- max: 65535
|
||||
min: 1
|
||||
rule: MustRunAs
|
||||
volumes:
|
||||
- configMap
|
||||
- secret
|
||||
- emptyDir
|
||||
---
|
||||
{% if metallb_speaker_enabled %}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
labels:
|
||||
app: metallb
|
||||
name: speaker
|
||||
spec:
|
||||
allowPrivilegeEscalation: false
|
||||
allowedCapabilities:
|
||||
- NET_RAW
|
||||
allowedHostPaths: []
|
||||
defaultAddCapabilities: []
|
||||
defaultAllowPrivilegeEscalation: false
|
||||
fsGroup:
|
||||
rule: RunAsAny
|
||||
hostIPC: false
|
||||
hostNetwork: true
|
||||
hostPID: false
|
||||
hostPorts:
|
||||
- max: {{ metallb_port }}
|
||||
min: {{ metallb_port }}
|
||||
- max: {{ metallb_memberlist_port }}
|
||||
min: {{ metallb_memberlist_port }}
|
||||
privileged: true
|
||||
readOnlyRootFilesystem: true
|
||||
requiredDropCapabilities:
|
||||
- ALL
|
||||
runAsUser:
|
||||
rule: RunAsAny
|
||||
seLinux:
|
||||
rule: RunAsAny
|
||||
supplementalGroups:
|
||||
rule: RunAsAny
|
||||
volumes:
|
||||
- configMap
|
||||
- secret
|
||||
- emptyDir
|
||||
{% endif %}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
|
|
Loading…
Reference in a new issue