cleanup psp related rbac in cluster addons

2025-07-21 02:41:25 +00:00 · 2022-10-31 11:29:20 +08:00 · 2022-10-31 11:29:20 +08:00 · 9e8dc1d4a5
commit 9e8dc1d4a5
parent a65d76a5b6
5 changed files with 0 additions and 79 deletions
--- a/cluster/addons/calico-policy-controller/podsecuritypolicies/calico-node-psp-binding.yaml
+++ b/cluster/addons/calico-policy-controller/podsecuritypolicies/calico-node-psp-binding.yaml
@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: gce:podsecuritypolicy:calico
-  namespace: kube-system
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: gce:podsecuritypolicy:privileged
-subjects:
- kind: ServiceAccount
-  name: calico
-  namespace: kube-system
--- a/cluster/addons/ip-masq-agent/podsecuritypolicies/ip-masq-agent-psp-binding.yaml
+++ b/cluster/addons/ip-masq-agent/podsecuritypolicies/ip-masq-agent-psp-binding.yaml
@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: gce:podsecuritypolicy:ip-masq-agent
-  namespace: kube-system
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: gce:podsecuritypolicy:privileged
-subjects:
- kind: ServiceAccount
-  name: ip-masq-agent
-  namespace: kube-system
--- a/cluster/addons/metadata-agent/stackdriver/podsecuritypolicies/metadata-agent-psp-binding.yaml
+++ b/cluster/addons/metadata-agent/stackdriver/podsecuritypolicies/metadata-agent-psp-binding.yaml
@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: gce:podsecuritypolicy:metadata-agent
-  namespace: kube-system
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: gce:podsecuritypolicy:privileged
-subjects:
-  - kind: ServiceAccount
-    name: metadata-agent
-    namespace: kube-system
--- a/cluster/addons/metadata-proxy/gce/podsecuritypolicies/metadata-proxy-psp-binding.yaml
+++ b/cluster/addons/metadata-proxy/gce/podsecuritypolicies/metadata-proxy-psp-binding.yaml
@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: gce:podsecuritypolicy:metadata-proxy
-  namespace: kube-system
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: gce:podsecuritypolicy:privileged
-subjects:
- kind: ServiceAccount
-  name: metadata-proxy
-  namespace: kube-system
--- a/cluster/addons/node-problem-detector/podsecuritypolicies/npd-psp-binding.yaml
+++ b/cluster/addons/node-problem-detector/podsecuritypolicies/npd-psp-binding.yaml
@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: gce:podsecuritypolicy:npd
-  namespace: kube-system
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: gce:podsecuritypolicy:privileged
-subjects:
- kind: ServiceAccount
-  name: node-problem-detector
-  namespace: kube-system