rke/authz/psp.go

package authz

import (
	"context"

	"k8s.io/client-go/transport"

	"github.com/rancher/rke/k8s"
	"github.com/rancher/rke/log"
	"github.com/rancher/rke/templates"
)

func ApplyDefaultPodSecurityPolicy(ctx context.Context, kubeConfigPath string, k8sWrapTransport transport.WrapperFunc) error {
	log.Infof(ctx, "[authz] Applying default PodSecurityPolicy")
	k8sClient, err := k8s.NewClient(kubeConfigPath, k8sWrapTransport)
	if err != nil {
		return err
	}
	if err := k8s.UpdatePodSecurityPolicyFromYaml(k8sClient, templates.DefaultPodSecurityPolicy); err != nil {
		return err
	}
	log.Infof(ctx, "[authz] Default PodSecurityPolicy applied successfully")
	return nil
}

func ApplyDefaultPodSecurityPolicyRole(ctx context.Context, kubeConfigPath, namespace string, k8sWrapTransport transport.WrapperFunc) error {
	log.Infof(ctx, "[authz] Applying default PodSecurityPolicy Role and RoleBinding in %s", namespace)
	k8sClient, err := k8s.NewClient(kubeConfigPath, k8sWrapTransport)
	if err != nil {
		return err
	}
	if err := k8s.UpdateRoleFromYaml(k8sClient, templates.DefaultPodSecurityRole, namespace); err != nil {
		return err
	}
	if err := k8s.UpdateRoleBindingFromYaml(k8sClient, templates.DefaultPodSecurityRoleBinding, namespace); err != nil {
		return err
	}
	log.Infof(ctx, "[authz] Default PodSecurityPolicy Role and RoleBinding applied successfully")
	return nil
}
Enable PodSecurityPolicy support 2017-12-20 03:51:07 +02:00			`package authz`

			`import (`
Add context.Context to everything and also make logging pluggable 2018-01-09 15:10:56 -07:00			`"context"`

Update to new certs package since latest k8s dropped it 2019-08-19 10:53:15 -07:00			`"k8s.io/client-go/transport"`

Enable PodSecurityPolicy support 2017-12-20 03:51:07 +02:00			`"github.com/rancher/rke/k8s"`
Add context.Context to everything and also make logging pluggable 2018-01-09 15:10:56 -07:00			`"github.com/rancher/rke/log"`
Use go templates for addons, network plugins and other manifests 2017-12-16 05:37:45 +02:00			`"github.com/rancher/rke/templates"`
Enable PodSecurityPolicy support 2017-12-20 03:51:07 +02:00			`)`

Update to new certs package since latest k8s dropped it 2019-08-19 10:53:15 -07:00			`func ApplyDefaultPodSecurityPolicy(ctx context.Context, kubeConfigPath string, k8sWrapTransport transport.WrapperFunc) error {`
Add context.Context to everything and also make logging pluggable 2018-01-09 15:10:56 -07:00			`log.Infof(ctx, "[authz] Applying default PodSecurityPolicy")`
Add support for custom WrapTransport for Kubernetes Client 2018-02-20 13:51:57 +02:00			`k8sClient, err := k8s.NewClient(kubeConfigPath, k8sWrapTransport)`
Enable PodSecurityPolicy support 2017-12-20 03:51:07 +02:00			`if err != nil {`
			`return err`
			`}`
Use go templates for addons, network plugins and other manifests 2017-12-16 05:37:45 +02:00			`if err := k8s.UpdatePodSecurityPolicyFromYaml(k8sClient, templates.DefaultPodSecurityPolicy); err != nil {`
Enable PodSecurityPolicy support 2017-12-20 03:51:07 +02:00			`return err`
			`}`
Add context.Context to everything and also make logging pluggable 2018-01-09 15:10:56 -07:00			`log.Infof(ctx, "[authz] Default PodSecurityPolicy applied successfully")`
Enable PodSecurityPolicy support 2017-12-20 03:51:07 +02:00			`return nil`
			`}`

Update to new certs package since latest k8s dropped it 2019-08-19 10:53:15 -07:00			`func ApplyDefaultPodSecurityPolicyRole(ctx context.Context, kubeConfigPath, namespace string, k8sWrapTransport transport.WrapperFunc) error {`
Fix ingress deployment issue with PSP enabled 2019-08-02 00:35:56 +02:00			`log.Infof(ctx, "[authz] Applying default PodSecurityPolicy Role and RoleBinding in %s", namespace)`
Add support for custom WrapTransport for Kubernetes Client 2018-02-20 13:51:57 +02:00			`k8sClient, err := k8s.NewClient(kubeConfigPath, k8sWrapTransport)`
Enable PodSecurityPolicy support 2017-12-20 03:51:07 +02:00			`if err != nil {`
			`return err`
			`}`
Fix ingress deployment issue with PSP enabled 2019-08-02 00:35:56 +02:00			`if err := k8s.UpdateRoleFromYaml(k8sClient, templates.DefaultPodSecurityRole, namespace); err != nil {`
Enable PodSecurityPolicy support 2017-12-20 03:51:07 +02:00			`return err`
			`}`
Fix ingress deployment issue with PSP enabled 2019-08-02 00:35:56 +02:00			`if err := k8s.UpdateRoleBindingFromYaml(k8sClient, templates.DefaultPodSecurityRoleBinding, namespace); err != nil {`
Enable PodSecurityPolicy support 2017-12-20 03:51:07 +02:00			`return err`
			`}`
Add context.Context to everything and also make logging pluggable 2018-01-09 15:10:56 -07:00			`log.Infof(ctx, "[authz] Default PodSecurityPolicy Role and RoleBinding applied successfully")`
Enable PodSecurityPolicy support 2017-12-20 03:51:07 +02:00			`return nil`
			`}`