External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-13 23:17:35 -02:30
Code Issues Packages Projects Releases Wiki Activity

Remove PodSecurityPolicies in Calico (#9395)

Browse Source
This commit is contained in:
Kay Yan
2022-10-17 20:51:07 +08:00
committed by GitHub
parent 72b45eec2e
commit 32f3d92d6b
1 changed files with 0 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
roles/network_plugin/calico/templates/calico-apiserver.yml.j2
View File

@@ -285,35 +285,3 @@ subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: calico-apiserver name: calico-apiserver
namespace: calico-apiserver namespace: calico-apiserver
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
name: calico-apiserver
spec:
allowPrivilegeEscalation: false
fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs
hostPorts:
- max: 65535
min: 0
requiredDropCapabilities:
- ALL
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
volumes:
- secret