mirror of
https://github.com/rancher/rke.git
synced 2025-08-17 06:16:58 +00:00
36 lines
1.0 KiB
Go
36 lines
1.0 KiB
Go
|
package authz
|
||
|
|
|
||
|
|
import (
|
||
|
|
"github.com/rancher/rke/k8s"
|
||
|
|
"github.com/sirupsen/logrus"
|
||
|
|
)
|
||
|
|
|
||
|
|
func ApplyDefaultPodSecurityPolicy(kubeConfigPath string) error {
|
||
|
|
logrus.Infof("[authz] Applying default PodSecurityPolicy")
|
||
|
|
k8sClient, err := k8s.NewClient(kubeConfigPath)
|
||
|
|
if err != nil {
|
||
|
|
return err
|
||
|
|
}
|
||
|
|
if err := k8s.UpdatePodSecurityPolicyFromYaml(k8sClient, DefaultPodSecurityPolicy); err != nil {
|
||
|
|
return err
|
||
|
|
}
|
||
|
|
logrus.Infof("[authz] Default PodSecurityPolicy applied successfully")
|
||
|
|
return nil
|
||
|
|
}
|
||
|
|
|
||
|
|
func ApplyDefaultPodSecurityPolicyRole(kubeConfigPath string) error {
|
||
|
|
logrus.Infof("[authz] Applying default PodSecurityPolicy Role and RoleBinding")
|
||
|
|
k8sClient, err := k8s.NewClient(kubeConfigPath)
|
||
|
|
if err != nil {
|
||
|
|
return err
|
||
|
|
}
|
||
|
|
if err := k8s.UpdateRoleFromYaml(k8sClient, DefaultPodSecurityRole); err != nil {
|
||
|
|
return err
|
||
|
|
}
|
||
|
|
if err := k8s.UpdateRoleBindingFromYaml(k8sClient, DefaultPodSecurityRoleBinding); err != nil {
|
||
|
|
return err
|
||
|
|
}
|
||
|
|
logrus.Infof("[authz] Default PodSecurityPolicy Role and RoleBinding applied successfully")
|
||
|
|
return nil
|
||
|
|
}
|