remove psp and update cm

kubernetes-sigs · May 29, 2023 · 708af5b · 708af5b
1 parent 2dba8ac
commit 708af5b
Show file tree

Hide file tree

Showing 7 changed files with 37 additions and 143 deletions.
diff --git a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml
@@ -25,17 +25,6 @@
       - { name: local-path-storage-cm, file: local-path-storage-cm.yml, type: cm }
       - { name: local-path-storage-deployment, file: local-path-storage-deployment.yml, type: deployment }
       - { name: local-path-storage-sc, file: local-path-storage-sc.yml, type: sc }
-    local_path_provisioner_templates_for_psp_not_system_ns:
-      - { name: local-path-storage-psp, file: local-path-storage-psp.yml, type: psp }
-      - { name: local-path-storage-psp-role, file: local-path-storage-psp-cr.yml, type: clusterrole }
-      - { name: local-path-storage-psp-rb, file: local-path-storage-psp-rb.yml, type: rolebinding }
-
-- name: Local Path Provisioner | Insert extra templates to Local Path Provisioner templates list for PodSecurityPolicy
-  set_fact:
-    local_path_provisioner_templates: "{{ local_path_provisioner_templates[:3] + local_path_provisioner_templates_for_psp_not_system_ns + local_path_provisioner_templates[3:] }}"
-  when:
-    - podsecuritypolicy_enabled
-    - local_path_provisioner_namespace != "kube-system"
 
 - name: Local Path Provisioner | Create manifests
   template:

diff --git a/...s-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-cm.yml.j2 b/...s-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-cm.yml.j2
@@ -6,54 +6,30 @@ metadata:
   namespace: {{ local_path_provisioner_namespace }}
 data:
   config.json: |-
-        {
-                "nodePathMap":[
-                {
-                        "node":"DEFAULT_PATH_FOR_NON_LISTED_NODES",
-                        "paths":["{{ local_path_provisioner_claim_root }}"]
-                }
-                ]
-        }
+    {
+            "nodePathMap":[
+            {
+                    "node":"DEFAULT_PATH_FOR_NON_LISTED_NODES",
+                    "paths":["{{ local_path_provisioner_claim_root }}"]
+            }
+            ]
+    }
   setup: |-
-        #!/bin/sh
-        while getopts "m:s:p:" opt
-        do
-            case $opt in
-                p)
-                absolutePath=$OPTARG
-                ;;
-                s)
-                sizeInBytes=$OPTARG
-                ;;
-                m)
-                volMode=$OPTARG
-                ;;
-            esac
-        done
-        mkdir -m 0777 -p ${absolutePath}
+    #!/bin/sh
+    set -eu
+    mkdir -m 0777 -p "$VOL_DIR"
   teardown: |-
-        #!/bin/sh
-        while getopts "m:s:p:" opt
-        do
-            case $opt in
-                p)
-                absolutePath=$OPTARG
-                ;;
-                s)
-                sizeInBytes=$OPTARG
-                ;;
-                m)
-                volMode=$OPTARG
-                ;;
-            esac
-        done
-        rm -rf ${absolutePath}
+    #!/bin/sh
+    set -eu
+    rm -rf "$VOL_DIR"
   helperPod.yaml: |-
-        apiVersion: v1
-        kind: Pod
-        metadata:
-          name: helper-pod
-        spec:
-          containers:
-          - name: helper-pod
-            image: {% if local_path_provisioner_helper_image_repo is defined %}{{ local_path_provisioner_helper_image_repo }}:{{ local_path_provisioner_helper_image_tag }}{% else %}busybox{% endif %}
+    apiVersion: v1
+    kind: Pod
+    metadata:
+      name: helper-pod
+    spec:
+      containers:
+      - name: helper-pod
+        image: {% if local_path_provisioner_helper_image_repo is defined %}{{ local_path_provisioner_helper_image_repo }}:{{ local_path_provisioner_helper_image_tag }}{% else %}busybox{% endif %}
+        imagePullPolicy: IfNotPresent
+
diff --git a/...s-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-cr.yml.j2 b/...s-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-cr.yml.j2
@@ -4,15 +4,15 @@ kind: ClusterRole
 metadata:
   name: local-path-provisioner-role
 rules:
-  - apiGroups: [""]
-    resources: ["nodes", "persistentvolumeclaims", "configmaps"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["endpoints", "persistentvolumes", "pods"]
-    verbs: ["*"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["create", "patch"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["storageclasses"]
-    verbs: ["get", "list", "watch"]
+  - apiGroups: [ "" ]
+    resources: [ "nodes", "persistentvolumeclaims", "configmaps" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [ "" ]
+    resources: [ "endpoints", "persistentvolumes", "pods" ]
+    verbs: [ "*" ]
+  - apiGroups: [ "" ]
+    resources: [ "events" ]
+    verbs: [ "create", "patch" ]
+  - apiGroups: [ "storage.k8s.io" ]
+    resources: [ "storageclasses" ]
+    verbs: [ "get", "list", "watch" ]
diff --git a/...ps/external_provisioner/local_path_provisioner/templates/local-path-storage-psp-cr.yml.j2 b/...ps/external_provisioner/local_path_provisioner/templates/local-path-storage-psp-cr.yml.j2
diff --git a/...ps/external_provisioner/local_path_provisioner/templates/local-path-storage-psp-rb.yml.j2 b/...ps/external_provisioner/local_path_provisioner/templates/local-path-storage-psp-rb.yml.j2
diff --git a/...-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-psp.yml.j2 b/...-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-psp.yml.j2
diff --git a/tests/files/packet_almalinux8-calico.yml b/tests/files/packet_almalinux8-calico.yml
@@ -9,6 +9,7 @@ metrics_server_enabled: true
 dashboard_namespace: "kube-dashboard"
 dashboard_enabled: true
 loadbalancer_apiserver_type: haproxy
+local_path_provisioner_enabled: true
 
 # NTP mangement
 ntp_enabled: true