mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 03:41:45 +00:00
Merge pull request #39301 from xilabao/add-psp-example-to-local-up-cluster
Automatic merge from submit-queue create psp policy in local-up-cluster.sh run the command ``` PSP_ADMISSION=true ALLOW_PRIVILEGED=true ALLOW_SECURITY_CONTEXT=true ALLOW_ANY_TOKEN=true ENABLE_RBAC=true RUNTIME_CONFIG="extensions/v1beta1=true,extensions/v1beta1/podsecuritypolicy=true" hack/local-up-cluster.sh ``` create psp policies for rbac
This commit is contained in:
commit
f9d2153372
@ -633,6 +633,13 @@ function start_kubedns {
|
||||
fi
|
||||
}
|
||||
|
||||
function create_psp_policy {
|
||||
echo "Create podsecuritypolicy policies for RBAC."
|
||||
${KUBECTL} --kubeconfig="${CERT_DIR}/admin.kubeconfig" create -f ${KUBE_ROOT}/examples/podsecuritypolicy/rbac/policies.yaml
|
||||
${KUBECTL} --kubeconfig="${CERT_DIR}/admin.kubeconfig" create -f ${KUBE_ROOT}/examples/podsecuritypolicy/rbac/roles.yaml
|
||||
${KUBECTL} --kubeconfig="${CERT_DIR}/admin.kubeconfig" create -f ${KUBE_ROOT}/examples/podsecuritypolicy/rbac/bindings.yaml
|
||||
}
|
||||
|
||||
function print_success {
|
||||
if [[ "${START_MODE}" != "kubeletonly" ]]; then
|
||||
cat <<EOF
|
||||
@ -720,6 +727,10 @@ if [[ "${START_MODE}" != "nokubelet" ]]; then
|
||||
start_kubelet
|
||||
fi
|
||||
|
||||
if [[ -n "${PSP_ADMISSION}" && "${ENABLE_RBAC}" = true ]]; then
|
||||
create_psp_policy
|
||||
fi
|
||||
|
||||
print_success
|
||||
|
||||
if [[ "${ENABLE_DAEMON}" = false ]]; then
|
||||
|
Loading…
Reference in New Issue
Block a user