feat: remove PSP
BREAKING CHANGE: PSPs are removed by default in preparation for their deprecation

Signed-off-by: Kevin Lefevre <[email protected]>
ArchiFleKs committed Jun 14, 2022
1 parent 885778b commit e6ac1d7
Showing 14 changed files with 5 additions and 34 deletions.
3 changes: 0 additions & 3 deletions cert-manager.tf
Expand Up @@ -22,9 +22,6 @@ locals {

values_cert-manager = <<VALUES
global:
podSecurityPolicy:
enabled: true
useAppArmor: false
priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
serviceAccount:
name: ${local.cert-manager["service_account_name"]}
1 change: 0 additions & 1 deletion flux.tf
Expand Up @@ -18,7 +18,6 @@ locals {
values_flux = <<VALUES
rbac:
create: true
pspEnabled: false
syncGarbageCollection:
enabled: true
dry: false
2 changes: 0 additions & 2 deletions ingress-nginx.tf
Expand Up @@ -28,8 +28,6 @@ controller:
publishService:
enabled: true
priorityClassName: ${local.priority-class-ds["create"] ? kubernetes_priority_class.kubernetes_addons_ds[0].metadata[0].name : ""}
podSecurityPolicy:
enabled: false
admissionWebhooks:
patch:
podAnnotations:
2 changes: 0 additions & 2 deletions kong.tf
Expand Up @@ -30,8 +30,6 @@ env:
database: "off"
admin:
type: ClusterIP
podSecurityPolicy:
enabled: true
autoscaling:
enabled: true
replicaCount: 2
2 changes: 1 addition & 1 deletion kube-prometheus.tf
Expand Up @@ -19,7 +19,7 @@ locals {
values_kube-prometheus-stack = <<VALUES
grafana:
rbac:
pspUseAppArmor: false
pspEnabled: false
adminPassword: ${join(",", random_string.grafana_password.*.result)}
dashboardProviders:
dashboardproviders.yaml:
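Review bot: `pspEnabled: false` under what appears to be `grafana.rbac` disables the chart's PodSecurityPolicy for Grafana, and the values block does not say what enforces pod restrictions in its place. The rendered page has lost the +/- markers, so I am assuming `pspEnabled: false` is the added line and `pspUseAppArmor: false` the removed one. I would add a comment above it such as `# PSP off ahead of its removal in Kubernetes 1.25; pod hardening relies on Pod Security Admission labels on the namespace`, and confirm that the target namespaces carry a `pod-security.kubernetes.io/enforce` label. The same applies to the `rbac` blocks in modules/aws/kube-prometheus.tf and modules/scaleway/kube-prometheus.tf.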
3 changes: 0 additions & 3 deletions modules/aws/cert-manager.tf
Expand Up @@ -26,9 +26,6 @@ locals {

values_cert-manager = <<VALUES
global:
podSecurityPolicy:
enabled: true
useAppArmor: false
priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
serviceAccount:
name: ${local.cert-manager["service_account_name"]}
1 change: 0 additions & 1 deletion modules/aws/cluster-autoscaler.tf
Expand Up @@ -25,7 +25,6 @@ autoDiscovery:
awsRegion: ${data.aws_region.current.name}
rbac:
create: true
pspEnabled: true
serviceAccount:
name: ${local.cluster-autoscaler["service_account_name"]}
annotations:
8 changes: 0 additions & 8 deletions modules/aws/ingress-nginx.tf
Expand Up @@ -37,8 +37,6 @@ controller:
config:
use-proxy-protocol: "true"
priorityClassName: ${local.priority-class-ds["create"] ? kubernetes_priority_class.kubernetes_addons_ds[0].metadata[0].name : ""}
podSecurityPolicy:
enabled: true
admissionWebhooks:
patch:
podAnnotations:
Expand All @@ -63,8 +61,6 @@ controller:
publishService:
enabled: true
priorityClassName: ${local.priority-class-ds["create"] ? kubernetes_priority_class.kubernetes_addons_ds[0].metadata[0].name : ""}
podSecurityPolicy:
enabled: true
admissionWebhooks:
patch:
podAnnotations:
Expand All @@ -89,8 +85,6 @@ controller:
publishService:
enabled: true
priorityClassName: ${local.priority-class-ds["create"] ? kubernetes_priority_class.kubernetes_addons_ds[0].metadata[0].name : ""}
podSecurityPolicy:
enabled: true
admissionWebhooks:
patch:
podAnnotations:
Expand Down Expand Up @@ -122,8 +116,6 @@ controller:
use-forwarded-headers: "true"
proxy-real-ip-cidr: "0.0.0.0/0"
priorityClassName: ${local.priority-class-ds["create"] ? kubernetes_priority_class.kubernetes_addons_ds[0].metadata[0].name : ""}
podSecurityPolicy:
enabled: true
admissionWebhooks:
patch:
podAnnotations:
2 changes: 1 addition & 1 deletion modules/aws/kube-prometheus.tf
Expand Up @@ -44,7 +44,7 @@ grafana:
global:
enabled: ${local.kube-prometheus-stack["thanos_sidecar_enabled"] ? "true" : "false"}
rbac:
pspUseAppArmor: false
pspEnabled: false
serviceAccount:
create: true
name: ${local.kube-prometheus-stack["grafana_service_account_name"]}
3 changes: 0 additions & 3 deletions modules/scaleway/cert-manager.tf
Expand Up @@ -36,9 +36,6 @@ locals {

values_cert-manager = <<VALUES
global:
podSecurityPolicy:
enabled: true
useAppArmor: false
priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
serviceAccount:
name: ${local.cert-manager["service_account_name"]}
6 changes: 2 additions & 4 deletions modules/scaleway/ingress-nginx.tf
Expand Up @@ -34,14 +34,12 @@ controller:
config:
use-proxy-protocol: "true"
priorityClassName: ${local.priority-class-ds["create"] ? kubernetes_priority_class.kubernetes_addons_ds[0].metadata[0].name : ""}
defaultBackend:
replicaCount: 2
podSecurityPolicy:
enabled: false
admissionWebhooks:
patch:
podAnnotations:
linkerd.io/inject: disabled
defaultBackend:
replicaCount: 2
VALUES

}
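Review bot: The `defaultBackend` block is moved to the end of the heredoc in the same change that drops `podSecurityPolicy`, and with the indentation lost on this page it is not possible to confirm which keys now sit under `controller`. In the ingress-nginx chart `admissionWebhooks` belongs under `controller` while `defaultBackend` is a top-level key, so the `linkerd.io/inject: disabled` annotation only takes effect if the nesting is right. A one-line comment above the moved block, `# top-level chart key (sibling of controller)`, would make the intent checkable, and the reorder would be easier to review as its own commit. The removed PSP setting here appears to have been `enabled: false` already, so dropping it should not change what is enforced.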
2 changes: 1 addition & 1 deletion modules/scaleway/kube-prometheus.tf
Expand Up @@ -37,7 +37,7 @@ grafana:
global:
enabled: ${local.kube-prometheus-stack["thanos_sidecar_enabled"] ? "true" : "false"}
rbac:
pspUseAppArmor: false
pspEnabled: false
adminPassword: ${join(",", random_string.grafana_password.*.result)}
dashboardProviders:
dashboardproviders.yaml:
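Review bot: The context line `adminPassword: ${join(",", random_string.grafana_password.*.result)}` interpolates a `random_string` result into the chart values, and that resource type does not mark its result as sensitive, so the Grafana admin password can appear in plan output as well as in state. The resource is defined outside this section, so this is inferred from the reference alone. Switching the resource to `random_password` and referencing `random_password.grafana_password.*.result` keeps the value out of console output. The same line appears in the root kube-prometheus.tf.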
2 changes: 0 additions & 2 deletions node-problem-detector.tf
Expand Up @@ -14,8 +14,6 @@ locals {
)

values_npd = <<VALUES
rbac:
pspEnabled: true
priorityClassName: ${local.priority-class-ds["create"] ? kubernetes_priority_class.kubernetes_addons_ds[0].metadata[0].name : ""}
VALUES

2 changes: 0 additions & 2 deletions sealed-secrets.tf
Expand Up @@ -15,8 +15,6 @@ locals {
)

values_sealed-secrets = <<VALUES
rbac:
pspEnabled: true
priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
VALUES
