Skip to content

Commit

Permalink
Remove hostPorts from unprivileged psp (#1040)
Browse files Browse the repository at this point in the history
hostPorts by definition require to use hostNetwork so
having them allowed in the psp where hostNetwork is
forbidden is not correct.

Signed-off-by: lcavajani <lcavajani@suse.com>
  • Loading branch information
spiarh authored May 7, 2020
1 parent 6a9e489 commit dcb5292
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 4 deletions.
3 changes: 0 additions & 3 deletions internal/pkg/skuba/addons/psp.go
Original file line number Diff line number Diff line change
Expand Up @@ -300,9 +300,6 @@ spec:
hostPID: false
hostIPC: false
hostNetwork: false
hostPorts:
- min: 0
max: 65535
# SELinux
seLinux:
# SELinux is unused in CaaSP
Expand Down
2 changes: 1 addition & 1 deletion internal/pkg/skuba/kubernetes/versions.go
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,7 @@ var (
Dex: &AddonVersion{"2.16.0", 6},
Gangway: &AddonVersion{"3.1.0-rev4", 5},
MetricsServer: &AddonVersion{"0.3.6", 1},
PSP: &AddonVersion{"", 3},
PSP: &AddonVersion{"", 4},
},
},
"1.16.2": KubernetesVersion{
Expand Down

0 comments on commit dcb5292

Please sign in to comment.