From 8cf5212f608986c725e76322192d78968351221f Mon Sep 17 00:00:00 2001 From: David Porter Date: Fri, 4 Nov 2022 17:13:12 -0700 Subject: [PATCH] Remove PSP from kustomize deploy Removing PSP and related config since it is deprecated in 1.25.0. Users can add their config if needed. Signed-off-by: David Porter --- deploy/kubernetes/base/clusterrole.yaml | 10 --------- .../kubernetes/base/clusterrolebinding.yaml | 12 ----------- deploy/kubernetes/base/daemonset.yaml | 2 +- deploy/kubernetes/base/kustomization.yaml | 3 --- deploy/kubernetes/base/podsecuritypolicy.yaml | 21 ------------------- 5 files changed, 1 insertion(+), 47 deletions(-) delete mode 100644 deploy/kubernetes/base/clusterrole.yaml delete mode 100644 deploy/kubernetes/base/clusterrolebinding.yaml delete mode 100644 deploy/kubernetes/base/podsecuritypolicy.yaml diff --git a/deploy/kubernetes/base/clusterrole.yaml b/deploy/kubernetes/base/clusterrole.yaml deleted file mode 100644 index 7f50aeaabc..0000000000 --- a/deploy/kubernetes/base/clusterrole.yaml +++ /dev/null @@ -1,10 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: cadvisor -rules: - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - cadvisor diff --git a/deploy/kubernetes/base/clusterrolebinding.yaml b/deploy/kubernetes/base/clusterrolebinding.yaml deleted file mode 100644 index e343135c12..0000000000 --- a/deploy/kubernetes/base/clusterrolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: cadvisor -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cadvisor -subjects: -- kind: ServiceAccount - name: cadvisor - namespace: cadvisor diff --git a/deploy/kubernetes/base/daemonset.yaml b/deploy/kubernetes/base/daemonset.yaml index 75bd8ec7a6..9bc4e81100 100644 --- a/deploy/kubernetes/base/daemonset.yaml +++ b/deploy/kubernetes/base/daemonset.yaml @@ -17,7 +17,7 @@ spec: serviceAccountName: cadvisor containers: - name: cadvisor - image: gcr.io/cadvisor/cadvisor:v0.39.0 + image: gcr.io/cadvisor/cadvisor:v0.45.0 resources: requests: memory: 400Mi diff --git a/deploy/kubernetes/base/kustomization.yaml b/deploy/kubernetes/base/kustomization.yaml index ebbf121983..01f4ae12a7 100644 --- a/deploy/kubernetes/base/kustomization.yaml +++ b/deploy/kubernetes/base/kustomization.yaml @@ -4,9 +4,6 @@ namespace: cadvisor commonLabels: app: cadvisor resources: -- clusterrole.yaml -- clusterrolebinding.yaml - daemonset.yaml - namespace.yaml -- podsecuritypolicy.yaml - serviceaccount.yaml diff --git a/deploy/kubernetes/base/podsecuritypolicy.yaml b/deploy/kubernetes/base/podsecuritypolicy.yaml deleted file mode 100644 index 4dcfc42524..0000000000 --- a/deploy/kubernetes/base/podsecuritypolicy.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: cadvisor -spec: - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - runAsUser: - rule: RunAsAny - fsGroup: - rule: RunAsAny - volumes: - - '*' - allowedHostPaths: - - pathPrefix: "/" - - pathPrefix: "/var/run" - - pathPrefix: "/sys" - - pathPrefix: "/var/lib/docker" - - pathPrefix: "/dev/disk"