Skip to content

Commit 30dcf5a

Browse files
corneliusludmanncorneliusludmann
committed
Remove PodSecurityPolicy in Installer
1 parent 62153d3 commit 30dcf5a

File tree

11 files changed

+45
-48
lines changed

11 files changed

+45
-48
lines changed

installer/pkg/components/alertmanager/objects.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ import (
77
var Objects = common.CompositeRenderFunc(
88
alertmanager,
99
configSecret,
10-
role,
10+
// role,
1111
roleBinding,
1212
service,
1313
serviceAccount,

installer/pkg/components/alertmanager/role.go

Lines changed: 8 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,6 @@ import (
66
"k8s.io/apimachinery/pkg/runtime"
77

88
"github.com/gitpod-io/observability/installer/pkg/common"
9-
"github.com/gitpod-io/observability/installer/pkg/components/shared"
109
)
1110

1211
func role(ctx *common.RenderContext) ([]runtime.Object, error) {
@@ -21,14 +20,14 @@ func role(ctx *common.RenderContext) ([]runtime.Object, error) {
2120
Namespace: Namespace,
2221
Labels: common.Labels(Name, Component, App, Version),
2322
},
24-
Rules: []rbacv1.PolicyRule{
25-
{
26-
APIGroups: []string{"policy"},
27-
Resources: []string{"podsecuritypolicies"},
28-
Verbs: []string{"use"},
29-
ResourceNames: []string{shared.RestrictedPodsecurityPolicyName()},
30-
},
31-
},
23+
// Rules: []rbacv1.PolicyRule{
24+
// {
25+
// APIGroups: []string{"policy"},
26+
// Resources: []string{"podsecuritypolicies"},
27+
// Verbs: []string{"use"},
28+
// ResourceNames: []string{shared.RestrictedPodsecurityPolicyName()},
29+
// },
30+
// },
3231
},
3332
}, nil
3433
}

installer/pkg/components/kubestate-metrics/clusterrole.go

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -126,12 +126,12 @@ func clusterRole(ctx *common.RenderContext) ([]runtime.Object, error) {
126126
Resources: []string{"subjectaccessreviews"},
127127
Verbs: []string{"create"},
128128
},
129-
{
130-
APIGroups: []string{"policy"},
131-
Resources: []string{"podsecuritypolicies"},
132-
Verbs: []string{"use"},
133-
ResourceNames: []string{Name},
134-
},
129+
// {
130+
// APIGroups: []string{"policy"},
131+
// Resources: []string{"podsecuritypolicies"},
132+
// Verbs: []string{"use"},
133+
// ResourceNames: []string{Name},
134+
// },
135135
},
136136
},
137137
}, nil

installer/pkg/components/kubestate-metrics/objects.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ var Objects = common.CompositeRenderFunc(
88
clusterRole,
99
clusterRoleBinding,
1010
deployment,
11-
podsecuritypolicy,
11+
// podsecuritypolicy,
1212
service,
1313
serviceAccount,
1414
serviceMonitor,

installer/pkg/components/node-exporter/clusterrole.go

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -30,12 +30,12 @@ func clusterRole(ctx *common.RenderContext) ([]runtime.Object, error) {
3030
Resources: []string{"subjectaccessreviews"},
3131
Verbs: []string{"create"},
3232
},
33-
{
34-
APIGroups: []string{"policy"},
35-
Resources: []string{"podsecuritypolicies"},
36-
Verbs: []string{"use"},
37-
ResourceNames: []string{Name},
38-
},
33+
// {
34+
// APIGroups: []string{"policy"},
35+
// Resources: []string{"podsecuritypolicies"},
36+
// Verbs: []string{"use"},
37+
// ResourceNames: []string{Name},
38+
// },
3939
},
4040
},
4141
}, nil

installer/pkg/components/node-exporter/objects.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ var Objects = common.CompositeRenderFunc(
88
clusterRole,
99
clusterRoleBinding,
1010
daemonset,
11-
podsecuritypolicy,
11+
// podsecuritypolicy,
1212
service,
1313
serviceAccount,
1414
serviceMonitor,

installer/pkg/components/otel-collector/clusterrole.go

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -19,14 +19,14 @@ func clusterRole(ctx *common.RenderContext) ([]runtime.Object, error) {
1919
Name: Name,
2020
Labels: common.Labels(Name, Component, App, Version),
2121
},
22-
Rules: []rbacv1.PolicyRule{
23-
{
24-
APIGroups: []string{"policy"},
25-
Resources: []string{"podsecuritypolicies"},
26-
Verbs: []string{"use"},
27-
ResourceNames: []string{Name},
28-
},
29-
},
22+
// Rules: []rbacv1.PolicyRule{
23+
// {
24+
// APIGroups: []string{"policy"},
25+
// Resources: []string{"podsecuritypolicies"},
26+
// Verbs: []string{"use"},
27+
// ResourceNames: []string{Name},
28+
// },
29+
// },
3030
},
3131
}, nil
3232
}

installer/pkg/components/otel-collector/objects.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ func Objects(ctx *common.RenderContext) common.RenderFunc {
2121
clusterRoleBinding,
2222
configMap,
2323
deployment,
24-
podsecuritypolicy,
24+
// podsecuritypolicy,
2525
service,
2626
serviceAccount,
2727
serviceMonitor,

installer/pkg/components/prometheus-operator/clusterrole.go

Lines changed: 6 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,6 @@ import (
66
"k8s.io/apimachinery/pkg/runtime"
77

88
"github.com/gitpod-io/observability/installer/pkg/common"
9-
"github.com/gitpod-io/observability/installer/pkg/components/shared"
109
)
1110

1211
func clusterRole(ctx *common.RenderContext) ([]runtime.Object, error) {
@@ -84,12 +83,12 @@ func clusterRole(ctx *common.RenderContext) ([]runtime.Object, error) {
8483
Resources: []string{"subjectaccessreviews"},
8584
Verbs: []string{"create"},
8685
},
87-
{
88-
APIGroups: []string{"policy"},
89-
Resources: []string{"podsecuritypolicies"},
90-
Verbs: []string{"use"},
91-
ResourceNames: []string{shared.RestrictedPodsecurityPolicyName()},
92-
},
86+
// {
87+
// APIGroups: []string{"policy"},
88+
// Resources: []string{"podsecuritypolicies"},
89+
// Verbs: []string{"use"},
90+
// ResourceNames: []string{shared.RestrictedPodsecurityPolicyName()},
91+
// },
9392
},
9493
},
9594
}, nil

installer/pkg/components/prometheus/clusterrole.go

Lines changed: 6 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,6 @@ import (
66
"k8s.io/apimachinery/pkg/runtime"
77

88
"github.com/gitpod-io/observability/installer/pkg/common"
9-
"github.com/gitpod-io/observability/installer/pkg/components/shared"
109
)
1110

1211
func clusterRole(ctx *common.RenderContext) ([]runtime.Object, error) {
@@ -40,12 +39,12 @@ func clusterRole(ctx *common.RenderContext) ([]runtime.Object, error) {
4039

4140
Verbs: []string{"get"},
4241
},
43-
{
44-
APIGroups: []string{"policy"},
45-
Resources: []string{"podsecuritypolicies"},
46-
Verbs: []string{"use"},
47-
ResourceNames: []string{shared.RestrictedPodsecurityPolicyName()},
48-
},
42+
// {
43+
// APIGroups: []string{"policy"},
44+
// Resources: []string{"podsecuritypolicies"},
45+
// Verbs: []string{"use"},
46+
// ResourceNames: []string{shared.RestrictedPodsecurityPolicyName()},
47+
// },
4948
},
5049
},
5150
}, nil

installer/pkg/components/shared/objects.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,5 +5,5 @@ import (
55
)
66

77
var Objects = common.CompositeRenderFunc(
8-
restrictedPodsecurityPolicy,
8+
// restrictedPodsecurityPolicy,
99
)

0 commit comments

Comments
 (0)