From c5d3f956d07d153f11e34b07538432419f6500b0 Mon Sep 17 00:00:00 2001 From: Suraj Deshmukh Date: Wed, 15 Apr 2020 20:02:36 +0530 Subject: [PATCH] PSP: Rename `privileged` to `zz-privileged` This commit renames the PSP `privileged` to `zz-privileged`. This is done in order to avoid the situation where `privileged` PSP is picked up accidently even though a specific, small scoped (in terms of permissions) PSP exists. Signed-off-by: Suraj Deshmukh --- .../charts/kubernetes/templates/psp-privileged.yaml | 4 ++-- pkg/assets/generated_assets.go | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/assets/lokomotive-kubernetes/bootkube/resources/charts/kubernetes/templates/psp-privileged.yaml b/assets/lokomotive-kubernetes/bootkube/resources/charts/kubernetes/templates/psp-privileged.yaml index d4c954b3e..afe8b4f52 100644 --- a/assets/lokomotive-kubernetes/bootkube/resources/charts/kubernetes/templates/psp-privileged.yaml +++ b/assets/lokomotive-kubernetes/bootkube/resources/charts/kubernetes/templates/psp-privileged.yaml @@ -1,7 +1,7 @@ apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: - name: privileged + name: zz-privileged annotations: seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' spec: @@ -35,7 +35,7 @@ rules: resources: ['podsecuritypolicies'] verbs: ['use'] resourceNames: - - privileged + - zz-privileged --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/pkg/assets/generated_assets.go b/pkg/assets/generated_assets.go index 8e708a3a7..75cf00fa8 100644 --- a/pkg/assets/generated_assets.go +++ b/pkg/assets/generated_assets.go @@ -3849,16 +3849,16 @@ var vfsgenAssets = func() http.FileSystem { "/lokomotive-kubernetes/bootkube/resources/charts/kubernetes/templates/psp-privileged.yaml": &vfsgen۰CompressedFileInfo{ name: "psp-privileged.yaml", modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), - uncompressedSize: 1338, + uncompressedSize: 1344, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xc4\x53\x4d\x6f\xd3\x40\x10\xbd\xfb\x57\xec\xcd\x12\x92\x5d\x22\x14\x84\xf6\x56\x02\x42\x95\x50\x65\x05\xc1\xa5\xe2\x30\x5e\x4f\x9a\x21\xfb\xa5\x9d\x5d\xb7\xe1\xd7\xa3\x5d\xbb\x69\x22\x48\x95\x03\x88\xa3\x67\xde\xbc\x37\xf3\xf6\x19\x3c\x7d\xc3\xc0\xe4\xac\x14\xde\x69\x52\xfb\xab\x71\xd1\x63\x84\x45\xb5\x23\x3b\x48\xd1\xb9\xe1\x0b\xaa\x14\x28\xee\xbb\xd2\xaf\x0c\x46\x18\x20\x82\xac\x84\xb0\x60\x50\x0a\x1f\x68\x24\x8d\xf7\x38\x54\x42\x80\xb5\x2e\x42\x24\x67\x39\x23\x84\x60\x54\xca\x19\xdf\xf2\x4c\xd3\x82\xf6\x5b\x68\x77\xa9\xc7\x60\x31\x22\xb7\xe4\xae\x40\x6b\xf7\x80\x43\x17\xdc\x86\x34\xde\x82\x41\x96\xa2\x7e\x55\x57\xec\x51\x65\x9e\x67\x0d\x29\x62\x48\x98\x95\xf2\x4c\xf7\x54\xff\xc8\x0a\x74\xd1\x3d\x05\xe0\xb0\x02\x0f\x3d\x69\x8a\x84\x65\xa5\xa6\x10\x0b\x31\x3a\x9d\xcc\x69\x69\xeb\x38\xde\x62\x7c\x70\x61\x77\x60\xc9\xb5\xce\x85\x38\x03\x0d\x59\x29\x5e\x97\xcb\x0c\x3c\x4a\xf1\x76\xb9\x7c\xb3\x9c\x61\x37\xdd\xea\x74\xec\xe6\xc3\xe1\x3b\x24\x7b\xcd\x5f\x19\xc3\xe4\x4a\x48\x1a\xa5\xa8\xd7\xb9\x7a\x6d\xf7\x59\x9c\xf1\x33\xd9\xf4\x78\xbe\x9f\xbc\xd7\x68\xd0\x46\xd0\x9f\x82\x4b\x9e\xcf\x42\x37\x5c\x00\x67\xfa\x4d\xd3\xcc\xaf\xbb\xd2\x89\x23\x86\xb5\xd3\x58\x1d\x47\x21\xf4\xa0\x5a\x48\x71\xeb\x02\xfd\x2c\xa6\xb6\xbb\x77\xe5\xa1\xc6\xc5\x8b\x01\x68\x3c\xfb\x2a\x0b\xb2\xac\x1a\x01\x9e\xe6\x45\xc5\x5d\x3d\xc5\xab\xfe\x9e\xbd\x40\x76\x29\x28\x9c\xeb\xc3\x53\x34\x0a\x84\x90\x0b\x68\xc4\xd0\xb3\xcc\x07\x88\xbb\x3a\x31\x9e\x4c\x4e\x09\x29\x0f\x72\x94\xbe\x3f\x1e\xf6\x9e\xec\x40\xf6\xfe\xef\xdd\xd7\xa8\x89\xbc\x81\xc1\x90\xe5\x2a\x38\x8d\x6b\xdc\x64\xf8\xef\xae\x9e\xb1\x48\x1c\xbc\x79\x61\x99\x8a\x53\xff\x03\x55\x2c\x5e\x4e\xd4\x65\xe4\x40\xca\x7b\x8e\x68\xa4\x81\x2c\xc7\x17\x92\x3e\x9b\xf4\x6f\xdc\xc9\x3f\xf6\xb4\xd8\x8c\x60\x0f\x0a\xa5\xc8\xf5\x66\x6e\xfc\x77\xcb\x18\xc3\x48\x0a\x41\x29\x97\x6c\x64\x79\xbc\xdc\x65\x42\xbf\x02\x00\x00\xff\xff\xc1\x85\x6b\x01\x3a\x05\x00\x00"), + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xc4\x53\x4f\x6b\xdb\x4e\x10\xbd\xeb\x53\xec\x4d\xf0\x03\x29\x3f\x53\x5c\xca\xde\x52\xb7\x94\x40\x09\xc2\xa5\xbd\x84\x1e\x46\xab\x71\x3c\xf5\xfe\x63\x67\x57\x89\xfd\xe9\xcb\xae\x14\x3b\xa6\x71\xc9\xa1\xa5\x47\xcd\xbe\x79\x6f\xe6\xcd\x13\x78\xfa\x86\x81\xc9\x59\x29\xbc\xd3\xa4\xf6\x57\xe3\xa2\xc7\x08\x8b\x6a\x47\x76\x90\xa2\x73\xc3\x17\x54\x29\x50\xdc\x77\xe5\xbd\x32\x18\x61\x80\x08\xb2\x12\xc2\x82\x41\x29\x0e\x87\xc6\x07\x1a\x49\xe3\x3d\x0e\x95\x10\x60\xad\x8b\x10\xc9\x59\xce\x20\x21\x18\x95\x72\xc6\xb7\x3c\x33\xb5\xa0\xfd\x16\xda\x5d\xea\x31\x58\x8c\xc8\x2d\xb9\x2b\xd0\xda\x3d\xe0\xd0\x05\xb7\x21\x8d\xb7\x60\x90\xa5\xa8\xff\xab\x2b\xf6\xa8\x32\xcf\x49\x43\x8a\x18\x12\x66\xa5\xdc\xd3\x3d\xd5\x3f\xb2\x02\x5d\x74\xcf\x01\x38\xac\xc0\x43\x4f\x9a\x22\x61\x19\xa9\x29\xc4\x42\x8c\x4e\x27\x73\x5e\xda\x3a\x8e\xb7\x18\x1f\x5c\xd8\x1d\x59\x72\xad\x73\x21\xce\x40\x43\x56\x8a\xff\xcb\x66\x06\x1e\xa5\x78\xbb\x5c\xbe\x59\xce\xb0\x9b\x6e\x75\xde\x76\xf3\xe1\xf8\x1d\x92\xbd\xe6\xaf\x8c\x61\x72\x25\x24\x8d\x52\xd4\xeb\x5c\xbd\xb6\xfb\x2c\xce\xf8\x99\x6c\x7a\xbc\xfc\x9e\xbc\xd7\x68\xd0\x46\xd0\x9f\x82\x4b\x9e\x2f\x42\x37\x5c\x00\x17\xde\x9b\xa6\x99\x0f\xbc\xd2\x89\x23\x86\xb5\xd3\x58\x3d\x4f\x43\xe8\x41\xb5\x90\xe2\xd6\x05\x3a\x14\x53\xdb\xdd\xbb\x72\xa8\x71\xf1\x42\x06\x4e\xc7\x69\x3c\xfb\x2a\x0b\xb2\xac\x1a\x01\x9e\xe6\x41\xc5\x5d\x3d\x25\xac\xfe\x9e\xbd\x40\x76\x29\x28\x9c\xeb\xc3\x53\x34\x0a\x84\x90\x0b\x68\xc4\xd0\xb3\xcc\x0b\x88\xbb\x3a\x31\x9e\x75\x4e\x09\x29\x07\x39\x0f\xe0\x8b\xbb\xbd\x27\x3b\x90\xbd\xff\x73\x2b\x36\x6a\x22\x6f\x60\x30\x64\xb9\x0a\x4e\xe3\x1a\x37\x19\xfe\xab\xb1\x17\x5c\x12\x47\x7b\x7e\x33\x4c\xc5\xa9\xff\x81\x2a\x16\x3b\x27\xea\xd2\x72\x24\xe5\x3d\x47\x34\xd2\x40\x96\xe3\x57\x92\x9e\x4c\xfa\x3b\xee\xe4\x7f\x7b\x1a\x6c\x46\xb0\x07\x85\x52\xe4\x7a\x33\x3f\xfc\x73\xcb\x18\xc3\x48\x0a\x41\x29\x97\x6c\x64\xf9\x7c\xb8\xd7\x09\xfd\x0c\x00\x00\xff\xff\x76\x59\x54\x4a\x40\x05\x00\x00"), }, "/lokomotive-kubernetes/bootkube/resources/charts/kubernetes/templates/psp-restricted.yaml": &vfsgen۰CompressedFileInfo{ name: "psp-restricted.yaml", modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), uncompressedSize: 1745, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xbc\x54\x4d\x6f\xdb\x46\x10\xbd\xf3\x57\x0c\x90\x03\x0f\x2d\x65\x18\x85\x8b\x82\x37\xd7\x4e\x02\x21\xb6\x23\x28\x1f\x97\xa0\x87\x25\x77\x28\x4d\xb5\xdc\xdd\xce\xcc\x4a\x51\x7f\x7d\xb1\x4b\x5a\x96\x9b\x34\xc8\xa1\xc8\x6d\x67\x39\xfb\xde\x9b\x37\xc3\x31\x91\x3e\x22\x0b\x05\xdf\x42\x0c\x8e\xfa\xe3\xc5\xfe\xb2\x43\x35\x97\xd5\x8e\xbc\x6d\x61\x15\xec\x3b\xec\x13\x93\x1e\x57\xe5\x7b\x35\xa2\x1a\x6b\xd4\xb4\x15\x80\x37\x23\xb6\xc0\x28\xca\xd4\x2b\xda\x0a\xc0\x78\x1f\xd4\x28\x05\x2f\x39\x03\x40\xb0\xef\xc3\x18\x17\x32\xc3\x2c\x8c\x8b\x5b\xb3\xd8\xa5\x0e\xd9\xa3\xa2\x2c\x28\x5c\x18\xe7\xc2\x01\xed\x8a\xc3\x40\x0e\x1f\xcc\x88\xd2\x42\x6d\x43\xbf\x43\xbe\xb0\x38\x98\xe4\xb4\xfe\x7e\xb8\xf9\xc5\x19\x5c\x0b\x5f\xc2\x49\xc4\x3e\x6b\x8c\x4c\x7b\x72\xb8\x41\xdb\xc2\x60\x9c\x60\x05\xf0\x02\xd6\xf8\x57\x22\x46\x0b\x1a\x20\x32\xee\xd1\x2b\xa0\xf4\xc6\x4d\xc5\xe5\x6b\x0e\x41\x17\xb9\xe6\xac\x7e\xf5\x88\xf2\xf2\x94\x74\x0e\xf7\x7e\x4b\x02\x24\xc0\x68\x93\xb7\xc6\x2b\x1c\x48\xb7\xe0\x83\x6f\x32\x0c\xfc\x04\x96\xa4\x00\x3d\xe9\x39\xe3\xfb\xb9\x80\x74\x49\xe1\x80\xd0\x1b\x0f\x91\xc3\x9e\x2c\x02\x29\x0c\x81\xc1\xe2\x80\x5e\x10\xc8\x83\xc5\xa8\xdb\x2c\x8b\xe7\x0a\x6e\x39\xc4\x1b\x13\x4d\x47\x8e\x94\xb0\xf4\xa5\x81\x37\xcb\xbb\xbb\x72\xb8\x7f\xf3\xf0\xf6\xb6\x9c\xde\xbd\x7c\xff\x61\x79\x3a\xbe\x2e\xc7\x17\x70\x5d\x44\xf5\x81\x11\xf6\xc1\xa5\x11\x41\x8f\x11\x25\x33\x4c\xf1\x0c\x58\xf7\xc1\x0f\xb4\xb9\x37\xb1\x9e\x62\x1c\xa3\x1e\x6f\x89\xe7\x30\x72\xf8\x13\xf3\x94\xcc\xb1\x60\xcf\xa8\x73\x60\xc3\xc1\x1f\x0c\xdb\xeb\xd5\xb2\x9e\x58\x45\x0a\xd5\xd6\x28\xc4\x3c\xa2\xa2\xe8\xf5\xe3\x44\x08\x82\x0a\x29\x42\x77\x04\xdd\x22\xf4\x2e\x89\x22\x83\xb1\x23\x79\x30\x8c\x20\x66\xc0\xdc\xa1\x24\xb8\x98\xd9\xff\x85\x71\xe3\x0c\x8d\x99\x6a\x1b\x44\x1f\x50\x0f\x81\x77\x4f\xfd\xca\x97\xcb\xd5\xcd\xf3\x8b\xd5\xf2\xf6\xe9\x82\x93\xbf\x96\x0f\x82\x3c\x4d\xf9\x69\x5e\x26\x41\xc1\xab\x21\x8f\x5c\xa6\x24\xf9\xd2\xeb\x90\xb4\x4c\xcc\x53\x7f\x8b\x87\x19\xca\x61\x0b\xf5\x7d\x12\x5d\x67\xd4\x87\xe0\xd7\x21\x14\x67\x04\xef\xc8\xa7\xcf\xed\x79\x5e\xc9\xb9\xf6\xc7\xf2\x3d\xc5\xe8\x70\x44\xaf\xc6\xbd\xe6\x90\xa2\xb4\x5f\x85\x9c\xfe\x1d\x36\x7e\x83\xf2\x28\xf8\x55\xe0\x8e\x2c\x18\x6b\xc9\x6f\x8a\xec\xa2\x6e\x93\x61\x26\x61\x0d\x8c\xe4\x5b\xb8\x2c\x01\xc0\x68\x3e\xb7\xf0\xeb\xd5\xd5\x2f\x57\x15\xc0\x20\x85\xef\x47\xd1\x31\x1a\xfb\xd6\xbb\x63\x36\xe6\x15\x39\x94\xa3\x28\x8e\x8f\xed\x68\x9a\x66\xde\x57\x37\xd3\x28\xac\x83\xc3\xea\x7c\xb9\x71\x67\xfa\x85\x49\xba\x0d\x4c\x7f\x97\x3f\x6a\xb1\xfb\xad\xec\x8a\xfd\xe5\x37\x57\x5a\x13\x25\x56\xb9\x3e\x69\xab\x06\x4c\xa4\xd9\x66\xf8\x54\x4f\x0b\xb3\xfe\xa3\xc8\x93\x90\xb8\xc7\xf9\xde\x3e\x6e\xa7\x92\x42\x28\x25\x69\x8f\xdc\x49\x5b\x6a\xfb\x54\x27\xc1\x67\x2f\xa7\x9d\x57\x66\xf5\x6c\x9f\x7e\xb5\xb0\xdf\xc9\x67\x0f\xff\xbf\xfa\x9a\xc9\xcd\x26\xbf\x47\xaf\xd4\x9b\xcc\xcd\xc1\xe1\x1a\x87\xfc\xe8\x4b\x6f\xff\xc3\x28\x38\x39\xf4\x0d\x49\x95\xa4\x2e\x6f\x82\xe2\xe8\x04\x5d\x9e\x9c\x40\xe7\xe6\x3e\x97\xf3\x7d\xd0\xff\x04\x00\x00\xff\xff\x3c\x63\xd2\xd1\xd1\x06\x00\x00"), + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xbc\x54\x4d\x6f\xdc\x46\x0c\xbd\xeb\x57\x10\xc8\x41\x87\x56\x6b\x18\x85\x8b\x42\x37\xd7\x4e\x02\x23\xb6\xb3\xd8\x7c\x5c\x82\x1e\x28\x0d\xb5\xcb\xee\x68\x66\x3a\xe4\xec\x66\xfd\xeb\x8b\x19\xc9\xeb\x75\xe3\x16\x39\x14\xb9\x0d\x29\xf2\xf1\xf1\x91\x22\x06\xfe\x4c\x51\xd8\xbb\x16\x82\xb7\xdc\x1f\xce\x76\xe7\x1d\x29\x9e\x57\x5b\x76\xa6\x85\xa5\x37\x1f\xa8\x4f\x91\xf5\xb0\x2c\xdf\xab\x91\x14\x0d\x2a\xb6\x15\x80\xc3\x91\x5a\x78\x78\x68\x46\x76\x3c\xa2\xad\x00\xd0\x39\xaf\xa8\xec\x9d\xe4\x08\x00\xa1\xbe\xf7\x63\x58\xc8\x0c\xb3\x40\x1b\x36\xb8\xd8\xa6\x8e\xa2\x23\x25\x59\xb0\x3f\x43\x6b\xfd\x9e\xcc\x32\xfa\x81\x2d\xdd\xe3\x48\xd2\x42\x6d\x7c\xbf\xa5\x78\x66\x68\xc0\x64\xb5\xfe\x7e\xb8\x39\xe3\x04\xae\x85\x6f\xe1\x24\x50\x9f\x39\x86\xc8\x3b\xb6\xb4\x26\xd3\xc2\x80\x56\xa8\x02\x78\x05\x2b\xfa\x2b\x71\x24\x03\xea\x21\x44\xda\x91\x53\x20\xe9\xd1\x4e\xcd\x65\x77\xf4\x5e\x17\xb9\xe7\xcc\x7e\xf9\x88\xf2\xfa\x18\x74\x0a\xf7\x71\xc3\x02\x2c\x10\xc9\x24\x67\xd0\x29\xec\x59\x37\xe0\xbc\x6b\x32\x0c\xfc\x04\x86\xa5\x00\x3d\xf1\x39\xa9\xf7\x73\x01\xe9\x92\xc2\x9e\xa0\x47\x07\x21\xfa\x1d\x1b\x02\x56\x18\x7c\x04\x43\x03\x39\x21\x60\x07\x86\x82\x6e\x32\xad\x38\x77\x70\x1d\x7d\xb8\xc2\x80\x1d\x5b\x56\xa6\x32\x97\x06\xde\xdd\xdc\xde\x96\xc7\xdd\xbb\xfb\xf7\xd7\xe5\xf5\xe1\xf5\xc7\x4f\x37\xc7\xe7\xdb\xf2\x7c\x05\x97\x85\x54\xef\x23\xc1\xce\xdb\x34\x12\xe8\x21\x90\xe4\x0a\x93\x3d\x03\xd6\xbd\x77\x03\xaf\xef\x30\xd4\x93\x4d\x63\xd0\xc3\x35\xc7\xd9\x0c\xd1\xff\x49\xbd\x92\x99\x6d\xa1\x3e\x92\xce\x86\xf1\x7b\xb7\xc7\x68\x2e\x97\x37\xf5\x54\x55\xa4\x94\xda\xa0\x42\xc8\x2b\x2a\x4a\x4e\x3f\x4f\x05\x41\x48\x21\x05\xe8\x0e\xa0\x1b\x82\xde\x26\x51\x8a\x80\x66\x64\x07\x18\x09\x04\x07\xca\x13\x4a\x42\x8b\xb9\xfa\x3f\x30\xae\x2c\xf2\x98\x4b\x6d\xbc\xe8\x3d\xe9\xde\xc7\xed\xd3\xbc\xb2\xf3\x66\x79\xf5\xdc\xb1\xbc\xb9\x7e\x72\xc4\xe4\x2e\xe5\x93\x50\x9c\xb6\xfc\xb8\x2f\x13\x21\xef\x14\xd9\x51\x2c\x5b\x92\x5c\x99\xb5\x4f\x5a\x36\xe6\x69\xbe\x45\xc3\x0c\x65\xa9\x85\xfa\x2e\x89\xae\x32\xea\xbd\x77\x2b\xef\x8b\x32\x42\xb7\xec\xd2\xd7\xf6\x34\xae\xc4\x5c\xba\x43\xf9\x9e\x42\xb0\x34\x92\x53\xb4\x6f\xa3\x4f\x41\xda\x17\x21\xa7\x7f\x27\xa2\x5b\x93\x3c\x12\x7e\xe3\x63\xc7\x06\xd0\x18\x76\xeb\x42\xbb\xb0\x5b\x67\x98\x89\x58\x03\x23\xbb\x16\xce\x8b\x01\x30\xe2\xd7\x16\x7e\xbd\xb8\xf8\xe5\xa2\x02\x18\xa4\xd4\xfb\x51\xe5\x22\xa1\x79\xef\xec\x21\x0b\xf3\x86\x2d\xc9\x41\x94\xc6\xc7\x71\x34\x4d\x33\xdf\xab\xab\x69\x15\x56\xde\x52\x75\x7a\xdc\x62\x87\xfd\x02\x93\x6e\x7c\xe4\x87\xf2\x47\x2d\xb6\xbf\x95\x5b\xb1\x3b\x7f\xe1\xa4\x45\x12\x8d\x9c\x97\xb5\x09\x12\xaa\xdc\x9f\xb4\x55\x03\x18\x78\x96\x19\xbe\xd4\xd3\xc1\xac\xff\x28\xf4\xc4\xa7\xd8\xd3\xec\x37\x8f\xd7\xa9\x84\x30\x49\x09\xda\x51\xec\xa4\x2d\xbd\x7d\xa9\x93\xd0\xb3\xcc\xe9\xe6\x95\x5d\x3d\xb9\xa7\x2f\x36\xf6\x3b\xbb\xac\xe1\xff\xd7\x5f\x33\xa9\xd9\xe4\x7c\x72\xca\x3d\x2a\x99\x2a\x7a\x4b\x2b\x1a\x72\xd2\xb7\xda\xfe\x8b\x50\x70\x54\xe8\x3f\x28\x55\x92\xba\x7c\x09\x8a\xa2\x13\x74\x49\x39\x82\xce\xc3\x7d\x4e\xe7\xfb\xa0\xff\x0e\x00\x00\xff\xff\x42\x1d\x17\xf5\xd1\x06\x00\x00"), }, "/lokomotive-kubernetes/bootkube/resources/charts/kubernetes/values.yaml": &vfsgen۰CompressedFileInfo{ name: "values.yaml",