From c88cfb4e4b31daff4d2ce6f3ecbe51719d7ce59a Mon Sep 17 00:00:00 2001 From: Suraj Deshmukh Date: Wed, 15 Apr 2020 20:02:36 +0530 Subject: [PATCH] PSP: Rename `privileged` to `zz-privileged` This commit renames the PSP `privileged` to `zz-privileged`. This is done in order to avoid the situation where `privileged` PSP is picked up accidently even though a specific, small scoped (in terms of permissions) PSP exists. Signed-off-by: Suraj Deshmukh --- .../charts/kubernetes/templates/psp-privileged.yaml | 4 ++-- pkg/assets/generated_assets.go | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/assets/lokomotive-kubernetes/bootkube/resources/charts/kubernetes/templates/psp-privileged.yaml b/assets/lokomotive-kubernetes/bootkube/resources/charts/kubernetes/templates/psp-privileged.yaml index d4c954b3e..afe8b4f52 100644 --- a/assets/lokomotive-kubernetes/bootkube/resources/charts/kubernetes/templates/psp-privileged.yaml +++ b/assets/lokomotive-kubernetes/bootkube/resources/charts/kubernetes/templates/psp-privileged.yaml @@ -1,7 +1,7 @@ apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: - name: privileged + name: zz-privileged annotations: seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' spec: @@ -35,7 +35,7 @@ rules: resources: ['podsecuritypolicies'] verbs: ['use'] resourceNames: - - privileged + - zz-privileged --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/pkg/assets/generated_assets.go b/pkg/assets/generated_assets.go index bd72d047c..7c170ec26 100644 --- a/pkg/assets/generated_assets.go +++ b/pkg/assets/generated_assets.go @@ -3849,16 +3849,16 @@ var vfsgenAssets = func() http.FileSystem { "/lokomotive-kubernetes/bootkube/resources/charts/kubernetes/templates/psp-privileged.yaml": &vfsgen۰CompressedFileInfo{ name: "psp-privileged.yaml", modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), - uncompressedSize: 1338, + uncompressedSize: 1344, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xc4\x53\x4d\x6f\xd3\x40\x10\xbd\xfb\x57\xec\xcd\x12\x92\x5d\x22\x14\x84\xf6\x56\x02\x42\x95\x50\x65\x05\xc1\xa5\xe2\x30\x5e\x4f\x9a\x21\xfb\xa5\x9d\x5d\xb7\xe1\xd7\xa3\x5d\xbb\x69\x22\x48\x95\x03\x88\xa3\x67\xde\xbc\x37\xf3\xf6\x19\x3c\x7d\xc3\xc0\xe4\xac\x14\xde\x69\x52\xfb\xab\x71\xd1\x63\x84\x45\xb5\x23\x3b\x48\xd1\xb9\xe1\x0b\xaa\x14\x28\xee\xbb\xd2\xaf\x0c\x46\x18\x20\x82\xac\x84\xb0\x60\x50\x0a\x1f\x68\x24\x8d\xf7\x38\x54\x42\x80\xb5\x2e\x42\x24\x67\x39\x23\x84\x60\x54\xca\x19\xdf\xf2\x4c\xd3\x82\xf6\x5b\x68\x77\xa9\xc7\x60\x31\x22\xb7\xe4\xae\x40\x6b\xf7\x80\x43\x17\xdc\x86\x34\xde\x82\x41\x96\xa2\x7e\x55\x57\xec\x51\x65\x9e\x67\x0d\x29\x62\x48\x98\x95\xf2\x4c\xf7\x54\xff\xc8\x0a\x74\xd1\x3d\x05\xe0\xb0\x02\x0f\x3d\x69\x8a\x84\x65\xa5\xa6\x10\x0b\x31\x3a\x9d\xcc\x69\x69\xeb\x38\xde\x62\x7c\x70\x61\x77\x60\xc9\xb5\xce\x85\x38\x03\x0d\x59\x29\x5e\x97\xcb\x0c\x3c\x4a\xf1\x76\xb9\x7c\xb3\x9c\x61\x37\xdd\xea\x74\xec\xe6\xc3\xe1\x3b\x24\x7b\xcd\x5f\x19\xc3\xe4\x4a\x48\x1a\xa5\xa8\xd7\xb9\x7a\x6d\xf7\x59\x9c\xf1\x33\xd9\xf4\x78\xbe\x9f\xbc\xd7\x68\xd0\x46\xd0\x9f\x82\x4b\x9e\xcf\x42\x37\x5c\x00\x67\xfa\x4d\xd3\xcc\xaf\xbb\xd2\x89\x23\x86\xb5\xd3\x58\x1d\x47\x21\xf4\xa0\x5a\x48\x71\xeb\x02\xfd\x2c\xa6\xb6\xbb\x77\xe5\xa1\xc6\xc5\x8b\x01\x68\x3c\xfb\x2a\x0b\xb2\xac\x1a\x01\x9e\xe6\x45\xc5\x5d\x3d\xc5\xab\xfe\x9e\xbd\x40\x76\x29\x28\x9c\xeb\xc3\x53\x34\x0a\x84\x90\x0b\x68\xc4\xd0\xb3\xcc\x07\x88\xbb\x3a\x31\x9e\x4c\x4e\x09\x29\x0f\x72\x94\xbe\x3f\x1e\xf6\x9e\xec\x40\xf6\xfe\xef\xdd\xd7\xa8\x89\xbc\x81\xc1\x90\xe5\x2a\x38\x8d\x6b\xdc\x64\xf8\xef\xae\x9e\xb1\x48\x1c\xbc\x79\x61\x99\x8a\x53\xff\x03\x55\x2c\x5e\x4e\xd4\x65\xe4\x40\xca\x7b\x8e\x68\xa4\x81\x2c\xc7\x17\x92\x3e\x9b\xf4\x6f\xdc\xc9\x3f\xf6\xb4\xd8\x8c\x60\x0f\x0a\xa5\xc8\xf5\x66\x6e\xfc\x77\xcb\x18\xc3\x48\x0a\x41\x29\x97\x6c\x64\x79\xbc\xdc\x65\x42\xbf\x02\x00\x00\xff\xff\xc1\x85\x6b\x01\x3a\x05\x00\x00"), + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xc4\x53\x4f\x6b\xdb\x4e\x10\xbd\xeb\x53\xec\x4d\xf0\x03\x29\x3f\x53\x5c\xca\xde\x52\xb7\x94\x40\x09\xc2\xa5\xbd\x84\x1e\x46\xab\x71\x3c\xf5\xfe\x63\x67\x57\x89\xfd\xe9\xcb\xae\x14\x3b\xa6\x71\xc9\xa1\xa5\x47\xcd\xbe\x79\x6f\xe6\xcd\x13\x78\xfa\x86\x81\xc9\x59\x29\xbc\xd3\xa4\xf6\x57\xe3\xa2\xc7\x08\x8b\x6a\x47\x76\x90\xa2\x73\xc3\x17\x54\x29\x50\xdc\x77\xe5\xbd\x32\x18\x61\x80\x08\xb2\x12\xc2\x82\x41\x29\x0e\x87\xc6\x07\x1a\x49\xe3\x3d\x0e\x95\x10\x60\xad\x8b\x10\xc9\x59\xce\x20\x21\x18\x95\x72\xc6\xb7\x3c\x33\xb5\xa0\xfd\x16\xda\x5d\xea\x31\x58\x8c\xc8\x2d\xb9\x2b\xd0\xda\x3d\xe0\xd0\x05\xb7\x21\x8d\xb7\x60\x90\xa5\xa8\xff\xab\x2b\xf6\xa8\x32\xcf\x49\x43\x8a\x18\x12\x66\xa5\xdc\xd3\x3d\xd5\x3f\xb2\x02\x5d\x74\xcf\x01\x38\xac\xc0\x43\x4f\x9a\x22\x61\x19\xa9\x29\xc4\x42\x8c\x4e\x27\x73\x5e\xda\x3a\x8e\xb7\x18\x1f\x5c\xd8\x1d\x59\x72\xad\x73\x21\xce\x40\x43\x56\x8a\xff\xcb\x66\x06\x1e\xa5\x78\xbb\x5c\xbe\x59\xce\xb0\x9b\x6e\x75\xde\x76\xf3\xe1\xf8\x1d\x92\xbd\xe6\xaf\x8c\x61\x72\x25\x24\x8d\x52\xd4\xeb\x5c\xbd\xb6\xfb\x2c\xce\xf8\x99\x6c\x7a\xbc\xfc\x9e\xbc\xd7\x68\xd0\x46\xd0\x9f\x82\x4b\x9e\x2f\x42\x37\x5c\x00\x17\xde\x9b\xa6\x99\x0f\xbc\xd2\x89\x23\x86\xb5\xd3\x58\x3d\x4f\x43\xe8\x41\xb5\x90\xe2\xd6\x05\x3a\x14\x53\xdb\xdd\xbb\x72\xa8\x71\xf1\x42\x06\x4e\xc7\x69\x3c\xfb\x2a\x0b\xb2\xac\x1a\x01\x9e\xe6\x41\xc5\x5d\x3d\x25\xac\xfe\x9e\xbd\x40\x76\x29\x28\x9c\xeb\xc3\x53\x34\x0a\x84\x90\x0b\x68\xc4\xd0\xb3\xcc\x0b\x88\xbb\x3a\x31\x9e\x75\x4e\x09\x29\x07\x39\x0f\xe0\x8b\xbb\xbd\x27\x3b\x90\xbd\xff\x73\x2b\x36\x6a\x22\x6f\x60\x30\x64\xb9\x0a\x4e\xe3\x1a\x37\x19\xfe\xab\xb1\x17\x5c\x12\x47\x7b\x7e\x33\x4c\xc5\xa9\xff\x81\x2a\x16\x3b\x27\xea\xd2\x72\x24\xe5\x3d\x47\x34\xd2\x40\x96\xe3\x57\x92\x9e\x4c\xfa\x3b\xee\xe4\x7f\x7b\x1a\x6c\x46\xb0\x07\x85\x52\xe4\x7a\x33\x3f\xfc\x73\xcb\x18\xc3\x48\x0a\x41\x29\x97\x6c\x64\xf9\x7c\xb8\xd7\x09\xfd\x0c\x00\x00\xff\xff\x76\x59\x54\x4a\x40\x05\x00\x00"), }, "/lokomotive-kubernetes/bootkube/resources/charts/kubernetes/templates/psp-restricted.yaml": &vfsgen۰CompressedFileInfo{ name: "psp-restricted.yaml", modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), - uncompressedSize: 1745, + uncompressedSize: 1751, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xbc\x54\x4d\x6f\xdb\x46\x10\xbd\xf3\x57\x0c\x90\x03\x0f\x2d\x65\x18\x85\x8b\x82\x37\xd7\x4e\x02\x21\xb6\x23\x28\x1f\x97\xa0\x87\x25\x77\x28\x4d\xb5\xdc\xdd\xce\xcc\x4a\x51\x7f\x7d\xb1\x4b\x5a\x96\x9b\x34\xc8\xa1\xc8\x6d\x67\x39\xfb\xde\x9b\x37\xc3\x31\x91\x3e\x22\x0b\x05\xdf\x42\x0c\x8e\xfa\xe3\xc5\xfe\xb2\x43\x35\x97\xd5\x8e\xbc\x6d\x61\x15\xec\x3b\xec\x13\x93\x1e\x57\xe5\x7b\x35\xa2\x1a\x6b\xd4\xb4\x15\x80\x37\x23\xb6\xc0\x28\xca\xd4\x2b\xda\x0a\xc0\x78\x1f\xd4\x28\x05\x2f\x39\x03\x40\xb0\xef\xc3\x18\x17\x32\xc3\x2c\x8c\x8b\x5b\xb3\xd8\xa5\x0e\xd9\xa3\xa2\x2c\x28\x5c\x18\xe7\xc2\x01\xed\x8a\xc3\x40\x0e\x1f\xcc\x88\xd2\x42\x6d\x43\xbf\x43\xbe\xb0\x38\x98\xe4\xb4\xfe\x7e\xb8\xf9\xc5\x19\x5c\x0b\x5f\xc2\x49\xc4\x3e\x6b\x8c\x4c\x7b\x72\xb8\x41\xdb\xc2\x60\x9c\x60\x05\xf0\x02\xd6\xf8\x57\x22\x46\x0b\x1a\x20\x32\xee\xd1\x2b\xa0\xf4\xc6\x4d\xc5\xe5\x6b\x0e\x41\x17\xb9\xe6\xac\x7e\xf5\x88\xf2\xf2\x94\x74\x0e\xf7\x7e\x4b\x02\x24\xc0\x68\x93\xb7\xc6\x2b\x1c\x48\xb7\xe0\x83\x6f\x32\x0c\xfc\x04\x96\xa4\x00\x3d\xe9\x39\xe3\xfb\xb9\x80\x74\x49\xe1\x80\xd0\x1b\x0f\x91\xc3\x9e\x2c\x02\x29\x0c\x81\xc1\xe2\x80\x5e\x10\xc8\x83\xc5\xa8\xdb\x2c\x8b\xe7\x0a\x6e\x39\xc4\x1b\x13\x4d\x47\x8e\x94\xb0\xf4\xa5\x81\x37\xcb\xbb\xbb\x72\xb8\x7f\xf3\xf0\xf6\xb6\x9c\xde\xbd\x7c\xff\x61\x79\x3a\xbe\x2e\xc7\x17\x70\x5d\x44\xf5\x81\x11\xf6\xc1\xa5\x11\x41\x8f\x11\x25\x33\x4c\xf1\x0c\x58\xf7\xc1\x0f\xb4\xb9\x37\xb1\x9e\x62\x1c\xa3\x1e\x6f\x89\xe7\x30\x72\xf8\x13\xf3\x94\xcc\xb1\x60\xcf\xa8\x73\x60\xc3\xc1\x1f\x0c\xdb\xeb\xd5\xb2\x9e\x58\x45\x0a\xd5\xd6\x28\xc4\x3c\xa2\xa2\xe8\xf5\xe3\x44\x08\x82\x0a\x29\x42\x77\x04\xdd\x22\xf4\x2e\x89\x22\x83\xb1\x23\x79\x30\x8c\x20\x66\xc0\xdc\xa1\x24\xb8\x98\xd9\xff\x85\x71\xe3\x0c\x8d\x99\x6a\x1b\x44\x1f\x50\x0f\x81\x77\x4f\xfd\xca\x97\xcb\xd5\xcd\xf3\x8b\xd5\xf2\xf6\xe9\x82\x93\xbf\x96\x0f\x82\x3c\x4d\xf9\x69\x5e\x26\x41\xc1\xab\x21\x8f\x5c\xa6\x24\xf9\xd2\xeb\x90\xb4\x4c\xcc\x53\x7f\x8b\x87\x19\xca\x61\x0b\xf5\x7d\x12\x5d\x67\xd4\x87\xe0\xd7\x21\x14\x67\x04\xef\xc8\xa7\xcf\xed\x79\x5e\xc9\xb9\xf6\xc7\xf2\x3d\xc5\xe8\x70\x44\xaf\xc6\xbd\xe6\x90\xa2\xb4\x5f\x85\x9c\xfe\x1d\x36\x7e\x83\xf2\x28\xf8\x55\xe0\x8e\x2c\x18\x6b\xc9\x6f\x8a\xec\xa2\x6e\x93\x61\x26\x61\x0d\x8c\xe4\x5b\xb8\x2c\x01\xc0\x68\x3e\xb7\xf0\xeb\xd5\xd5\x2f\x57\x15\xc0\x20\x85\xef\x47\xd1\x31\x1a\xfb\xd6\xbb\x63\x36\xe6\x15\x39\x94\xa3\x28\x8e\x8f\xed\x68\x9a\x66\xde\x57\x37\xd3\x28\xac\x83\xc3\xea\x7c\xb9\x71\x67\xfa\x85\x49\xba\x0d\x4c\x7f\x97\x3f\x6a\xb1\xfb\xad\xec\x8a\xfd\xe5\x37\x57\x5a\x13\x25\x56\xb9\x3e\x69\xab\x06\x4c\xa4\xd9\x66\xf8\x54\x4f\x0b\xb3\xfe\xa3\xc8\x93\x90\xb8\xc7\xf9\xde\x3e\x6e\xa7\x92\x42\x28\x25\x69\x8f\xdc\x49\x5b\x6a\xfb\x54\x27\xc1\x67\x2f\xa7\x9d\x57\x66\xf5\x6c\x9f\x7e\xb5\xb0\xdf\xc9\x67\x0f\xff\xbf\xfa\x9a\xc9\xcd\x26\xbf\x47\xaf\xd4\x9b\xcc\xcd\xc1\xe1\x1a\x87\xfc\xe8\x4b\x6f\xff\xc3\x28\x38\x39\xf4\x0d\x49\x95\xa4\x2e\x6f\x82\xe2\xe8\x04\x5d\x9e\x9c\x40\xe7\xe6\x3e\x97\xf3\x7d\xd0\xff\x04\x00\x00\xff\xff\x3c\x63\xd2\xd1\xd1\x06\x00\x00"), + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xbc\x54\x4d\x6f\x1b\x37\x10\xbd\xef\xaf\x18\x20\x07\x1d\xda\x95\x61\x14\x2e\x8a\xbd\xb9\x76\x12\x08\xb1\x1d\x41\xf9\xb8\x04\x3d\x70\x97\xb3\xd2\x54\x5c\x92\x9d\x19\x4a\x91\x7f\x7d\x41\xee\x5a\x92\x1b\xb7\xc8\xa1\xc8\x8d\xc3\x1d\xbe\x79\xf3\x66\xf6\x99\x48\x9f\x91\x85\x82\x6f\x20\x06\x47\xdd\xe1\x62\x77\xd9\xa2\x9a\xcb\x6a\x4b\xde\x36\xb0\x0c\xf6\x03\x76\x89\x49\x0f\xcb\xf2\xbd\x1a\x50\x8d\x35\x6a\x9a\x0a\xc0\x9b\x01\x1b\x78\x7c\xac\x19\x45\x99\x3a\x45\x5b\x01\x18\xef\x83\x1a\xa5\xe0\x25\x27\x01\x08\x76\x5d\x18\xe2\x5c\x26\xa4\xb9\x71\x71\x63\xe6\xdb\xd4\x22\x7b\x54\x94\x39\x85\x0b\xe3\x5c\xd8\xa3\x5d\x72\xe8\xc9\xe1\x83\x19\x50\x1a\x98\xd9\xd0\x6d\x91\x2f\x2c\xf6\x26\x39\x9d\x7d\x3f\xdc\xf4\xe2\x0c\xae\x81\x6f\xe1\x24\x62\x97\x39\x46\xa6\x1d\x39\x5c\xa3\x6d\xa0\x37\x4e\xb0\x02\x78\x05\x2b\xfc\x2b\x11\xa3\x05\x0d\x10\x19\x77\xe8\x15\x50\x3a\xe3\xc6\xe6\xf2\x35\x87\xa0\xf3\xdc\x73\x66\xbf\x7c\x42\x79\x7d\x4c\x3a\x87\xfb\xb8\x21\x01\x12\x60\xb4\xc9\x5b\xe3\x15\xf6\xa4\x1b\xf0\xc1\xd7\x19\x06\x7e\x02\x4b\x52\x80\x4e\x7c\xce\xea\xfd\x5c\x40\xda\xa4\xb0\x47\xe8\x8c\x87\xc8\x61\x47\x16\x81\x14\xfa\xc0\x60\xb1\x47\x2f\x08\xe4\xc1\x62\xd4\x4d\xa6\xc5\x53\x07\xb7\x1c\xe2\x8d\x89\xa6\x25\x47\x4a\x58\xe6\x52\xc3\xbb\xc5\xdd\x5d\x39\xdc\xbf\x7b\x78\x7f\x5b\x4e\x1f\x5e\x7f\xfc\xb4\x38\x1e\xdf\x96\xe3\x2b\xb8\x2e\xa4\xba\xc0\x08\xbb\xe0\xd2\x80\xa0\x87\x88\x92\x2b\x8c\xf1\x04\x38\xeb\x82\xef\x69\x7d\x6f\xe2\x6c\x8c\x71\x88\x7a\xb8\x25\x9e\xc2\xc8\xe1\x4f\xcc\x5b\x32\xc5\x82\x1d\xa3\x4e\x81\x0d\x7b\xbf\x37\x6c\xaf\x97\x8b\xd9\x58\x55\xa4\x94\xda\x18\x85\x98\xb7\x54\x14\xbd\x7e\x1e\x0b\x82\xa0\x42\x8a\xd0\x1e\x40\x37\x08\x9d\x4b\xa2\xc8\x60\xec\x40\x1e\x0c\x23\x88\xe9\x31\x4f\x28\x09\xce\xa7\xea\xff\xc0\xb8\x71\x86\x86\x5c\x6a\x13\x44\x1f\x50\xf7\x81\xb7\xa7\x79\xe5\xcb\xc5\xf2\xe6\xf9\xc5\x72\x71\x7b\xba\xe0\xe4\xaf\xe5\x93\x20\x8f\x5b\x7e\xdc\x97\x91\x50\xf0\x6a\xc8\x23\x97\x2d\x49\xbe\xcc\x3a\x24\x2d\x1b\x73\x9a\x6f\xd1\x30\x43\x39\x6c\x60\x76\x9f\x44\x57\x19\xf5\x21\xf8\x55\x08\x45\x19\xc1\x3b\xf2\xe9\x6b\x73\x9e\x57\x72\xae\xfd\xa1\x7c\x4f\x31\x3a\x1c\xd0\xab\x71\x6f\x39\xa4\x28\xcd\x8b\x90\xe3\xbf\xc3\xc6\xaf\x51\x9e\x08\xbf\x09\xdc\x92\x05\x63\x2d\xf9\x75\xa1\x5d\xd8\xad\x33\xcc\x48\xac\x86\x81\x7c\x03\x97\x25\x00\x18\xcc\xd7\x06\x7e\xbd\xba\xfa\xe5\xaa\x02\xe8\xa5\xd4\xfb\x51\xe5\x18\x8d\x7d\xef\xdd\x21\x0b\xf3\x86\x1c\xca\x41\x14\x87\xa7\x71\xd4\x75\x3d\x59\xd6\xcd\xb8\x0a\xab\xe0\xb0\x3a\xf7\x37\x6e\x4d\x37\x37\x49\x37\x81\xe9\xb1\xfc\x51\xf3\xed\x6f\xc5\x2b\x76\x97\x2f\xb8\xda\xc9\xd2\xea\x28\xb1\xca\xfd\x49\x53\xd5\x60\x22\x4d\x32\xc3\x97\xd9\xe8\x99\xb3\x3f\x0a\x3d\x09\x89\x3b\x9c\xee\xed\x93\x3b\x95\x14\x42\x29\x49\x3b\xe4\x56\x9a\xd2\xdb\x97\x59\x12\x7c\xf6\x72\xf4\xbc\xb2\xab\xcf\x2d\xf5\xc5\xde\x7e\x27\x9f\x65\xfc\xff\x5a\xac\x47\x41\xeb\xfc\x1e\xbd\x52\x67\x72\x6d\x0e\x0e\x57\xd8\xe7\x47\xdf\xca\xfb\x2f\x5a\xc1\x51\xa4\xff\xa0\x54\x49\x6a\xb3\x19\x14\x51\x47\xe8\xf2\xe4\x08\x3a\xcd\xf7\x39\x9d\xef\x83\xfe\x3b\x00\x00\xff\xff\xc4\x26\xc2\x40\xd7\x06\x00\x00"), }, "/lokomotive-kubernetes/bootkube/resources/charts/kubernetes/values.yaml": &vfsgen۰CompressedFileInfo{ name: "values.yaml",