vendor update for CSI 0.3.0

2025-06-14 18:53:35 +00:00 · 2018-07-18 16:47:22 +02:00
parent 6f484f92fc
commit 8ea659f0d5
6810 changed files with 438061 additions and 193861 deletions
--- a/vendor/k8s.io/kubernetes/cluster/gce/addons/podsecuritypolicies/persistent-volume-binder-role.yaml
+++ b/vendor/k8s.io/kubernetes/cluster/gce/addons/podsecuritypolicies/persistent-volume-binder-role.yaml
@ -11,7 +11,7 @@ metadata:
    addonmanager.kubernetes.io/mode: Reconcile
 rules:
 - apiGroups:
-  - extensions
+  - policy
  resourceNames:
  - gce.persistent-volume-binder
  resources:
--- a/vendor/k8s.io/kubernetes/cluster/gce/addons/podsecuritypolicies/persistent-volume-binder.yaml
+++ b/vendor/k8s.io/kubernetes/cluster/gce/addons/podsecuritypolicies/persistent-volume-binder.yaml
@ -1,12 +1,12 @@
-apiVersion: extensions/v1beta1
+apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
  name: gce.persistent-volume-binder
  annotations:
    kubernetes.io/description: 'Policy used by the persistent-volume-binder
      (a.k.a. persistentvolume-controller) to run recycler pods.'
-    # TODO: This should use the default seccomp profile.
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'docker/default'
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default,docker/default'
  labels:
    kubernetes.io/cluster-service: 'true'
    addonmanager.kubernetes.io/mode: Reconcile
--- a/vendor/k8s.io/kubernetes/cluster/gce/addons/podsecuritypolicies/privileged-role.yaml
+++ b/vendor/k8s.io/kubernetes/cluster/gce/addons/podsecuritypolicies/privileged-role.yaml
@ -7,7 +7,7 @@ metadata:
    addonmanager.kubernetes.io/mode: Reconcile
 rules:
 - apiGroups:
-  - extensions
+  - policy
  resourceNames:
  - gce.privileged
  resources:
--- a/vendor/k8s.io/kubernetes/cluster/gce/addons/podsecuritypolicies/privileged.yaml
+++ b/vendor/k8s.io/kubernetes/cluster/gce/addons/podsecuritypolicies/privileged.yaml
@ -1,4 +1,4 @@
-apiVersion: extensions/v1beta1
+apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
  name: gce.privileged
--- a/vendor/k8s.io/kubernetes/cluster/gce/addons/podsecuritypolicies/unprivileged-addon-role.yaml
+++ b/vendor/k8s.io/kubernetes/cluster/gce/addons/podsecuritypolicies/unprivileged-addon-role.yaml
@ -8,7 +8,7 @@ metadata:
    addonmanager.kubernetes.io/mode: Reconcile
 rules:
 - apiGroups:
-  - extensions
+  - policy
  resourceNames:
  - gce.unprivileged-addon
  resources:
--- a/vendor/k8s.io/kubernetes/cluster/gce/addons/podsecuritypolicies/unprivileged-addon.yaml
+++ b/vendor/k8s.io/kubernetes/cluster/gce/addons/podsecuritypolicies/unprivileged-addon.yaml
@ -1,4 +1,4 @@
-apiVersion: extensions/v1beta1
+apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
  name: gce.unprivileged-addon
@ -7,8 +7,8 @@ metadata:
      privilege necessary to run non-privileged kube-system pods. This policy is
      not intended for use outside of kube-system, and may include further
      restrictions in the future.'
-    # TODO: Addons should use the default seccomp profile.
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'docker/default'
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default,docker/default'
    # 'runtime/default' is already the default, but must be filled in on the
    # pod to pass admission.
    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'