From c0e231ac7a903d98bc3d89c22476670516874fbe Mon Sep 17 00:00:00 2001
From: Rita Zhang
Date: Mon, 4 Dec 2023 22:18:43 -0800
Subject: [PATCH] fix: disable psp as default (#3179)
Signed-off-by: Rita Zhang
---
 cmd/build/helmify/static/README.md | 2 +-
 cmd/build/helmify/static/values.yaml | 2 +-
 manifest_staging/charts/gatekeeper/README.md | 2 +-
 manifest_staging/charts/gatekeeper/values.yaml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/cmd/build/helmify/static/README.md b/cmd/build/helmify/static/README.md
index f7bdc1af3d3..56e34f02c23 100644
--- a/cmd/build/helmify/static/README.md
+++ b/cmd/build/helmify/static/README.md
@@ -120,7 +120,7 @@ information._
 | preUninstall.nodeSelector | The node selector to use for pod scheduling in preUninstall hook jobs | `kubernetes.io/os: linux` |
 | preUninstall.resources | The resource request/limits for the container image in preUninstall hook jobs | `{}` |
 | preUninstall.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` |
-| psp.enabled | Enabled PodSecurityPolicy | `true` |
+| psp.enabled | Enabled PodSecurityPolicy | `false` |
 | upgradeCRDs.enabled | Upgrade CRDs using pre-install/pre-upgrade hooks | `true` |
 | upgradeCRDs.extraRules | Extra rules for the gatekeeper-admin-upgrade-crds ClusterRole | `[]` |
 | upgradeCRDs.priorityClassName | Priority class name for gatekeeper-update-crds-hook Job | `` |
diff --git a/cmd/build/helmify/static/values.yaml b/cmd/build/helmify/static/values.yaml
index cb783bf0e4d..f69d0e30de7 100644
--- a/cmd/build/helmify/static/values.yaml
+++ b/cmd/build/helmify/static/values.yaml
@@ -264,7 +264,7 @@ pdb:
 service: {}
 disabledBuiltins: ["{http.send}"]
 psp:
- enabled: true
+ enabled: false
 upgradeCRDs:
 enabled: true
 extraRules: []
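Review bot: Flipping `psp.enabled` to `false` in `cmd/build/helmify/static/values.yaml` is a silent behaviour change for anyone upgrading on a cluster that still runs the PodSecurityPolicy admission controller (Kubernetes before 1.25), and nothing in the hunk tells them so. With the default off the chart presumably stops rendering Gatekeeper's own PSP, so unless another policy admits the Gatekeeper pods they may be rejected on restart, and depending on the webhook failure policy that could leave admission constraints unenforced until someone notices. I would add a comment above the key, e.g. `# PodSecurityPolicy was removed in Kubernetes 1.25; set to true only on older clusters that still enforce PSP`, and call the default change out in the upgrade notes. The same applies to the identical hunk in `manifest_staging/charts/gatekeeper/values.yaml`, and the `psp.enabled` README rows could carry the same version caveat in the description column instead of only `Enabled PodSecurityPolicy`.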
diff --git a/manifest_staging/charts/gatekeeper/README.md b/manifest_staging/charts/gatekeeper/README.md
index f7bdc1af3d3..56e34f02c23 100644
--- a/manifest_staging/charts/gatekeeper/README.md
+++ b/manifest_staging/charts/gatekeeper/README.md
@@ -120,7 +120,7 @@ information._
 | preUninstall.nodeSelector | The node selector to use for pod scheduling in preUninstall hook jobs | `kubernetes.io/os: linux` |
 | preUninstall.resources | The resource request/limits for the container image in preUninstall hook jobs | `{}` |
 | preUninstall.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` |
-| psp.enabled | Enabled PodSecurityPolicy | `true` |
+| psp.enabled | Enabled PodSecurityPolicy | `false` |
 | upgradeCRDs.enabled | Upgrade CRDs using pre-install/pre-upgrade hooks | `true` |
 | upgradeCRDs.extraRules | Extra rules for the gatekeeper-admin-upgrade-crds ClusterRole | `[]` |
 | upgradeCRDs.priorityClassName | Priority class name for gatekeeper-update-crds-hook Job | `` |
diff --git a/manifest_staging/charts/gatekeeper/values.yaml b/manifest_staging/charts/gatekeeper/values.yaml
index cb783bf0e4d..f69d0e30de7 100644
--- a/manifest_staging/charts/gatekeeper/values.yaml
+++ b/manifest_staging/charts/gatekeeper/values.yaml
@@ -264,7 +264,7 @@ pdb:
 service: {}
 disabledBuiltins: ["{http.send}"]
 psp:
- enabled: true
+ enabled: false
 upgradeCRDs:
 enabled: true
 extraRules: []