diff --git a/assets/charts/control-plane/calico-host-protection/templates/host-endpoint-controller.yaml b/assets/charts/control-plane/calico-host-protection/templates/host-endpoint-controller.yaml index 2181b6919..a8765e201 100644 --- a/assets/charts/control-plane/calico-host-protection/templates/host-endpoint-controller.yaml +++ b/assets/charts/control-plane/calico-host-protection/templates/host-endpoint-controller.yaml @@ -43,7 +43,7 @@ spec: --- # rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: calico-hostendpoint-controller-role @@ -61,8 +61,12 @@ rules: - delete # To use kubectl apply on resources that already exist - patch +- apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + verbs: ["use"] + resourceNames: ["zz-minimal"] --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: calico-hostendpoint-controller-role-binding diff --git a/pkg/assets/generated_assets.go b/pkg/assets/generated_assets.go index ef06e30b6..3a004ce37 100644 --- a/pkg/assets/generated_assets.go +++ b/pkg/assets/generated_assets.go @@ -4865,9 +4865,9 @@ var vfsgenAssets = func() http.FileSystem { "/charts/control-plane/calico-host-protection/templates/host-endpoint-controller.yaml": &vfsgen۰CompressedFileInfo{ name: "host-endpoint-controller.yaml", modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), - uncompressedSize: 1830, + uncompressedSize: 1930, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xa4\x55\x41\x6f\xdb\x3a\x0c\xbe\xfb\x57\x10\xc9\xf5\xc9\x69\x81\x77\x78\xd0\xed\x6d\x1d\x76\xd9\x8a\xa1\x1d\x76\x19\x7a\x60\x64\x26\xd1\x22\x89\x9a\x44\xbb\xf5\x86\xfd\xf7\x41\x76\xe3\xb9\x4b\xd1\xa5\x9d\x4e\x84\x64\xf2\xfb\xf4\x7d\xa4\xbc\x04\x8f\xc1\x6e\x28\x4b\x86\x0d\x27\x30\xec\x23\x07\x0a\x02\x06\x9d\x35\xac\x76\x9c\x85\x42\x13\xd9\x06\x51\x86\x83\x24\x76\x8e\x52\x55\x29\xa5\xaa\x25\x34\x14\x1d\xf7\x9e\x82\xd4\x3d\x7a\x57\x61\xb4\x9f\x28\x65\xcb\x41\x43\x77\x5e\xed\x6d\x68\x34\x5c\x53\xea\xac\xa1\xff\x8d\xe1\x36\x48\xe5\x49\xb0\x41\x41\x5d\x01\x04\xf4\xa4\xff\x84\x35\x7e\x96\x23\x1a\xd2\xb0\x6f\xd7\xa4\x72\x9f\x85\xfc\xc0\x61\x8e\x88\x31\xe6\xd5\x04\x7b\x31\x71\x7b\x00\xe9\x70\x4d\x2e\x97\x08\x4a\xc2\x89\xe8\x2f\x27\x99\x23\x99\x82\x96\x28\x3a\x6b\x30\x6b\x38\xaf\x00\x32\x39\x32\xc2\x69\xe4\xe1\x51\xcc\xee\xdd\x8c\xd8\xa9\xd4\x84\x7c\x74\x28\x74\x5f\x66\x76\xcd\xb2\xdc\x83\x8a\xa7\xd6\x04\x38\x50\x1e\xe2\x07\xe6\x5d\x9e\x26\x45\x59\xc2\x8e\x12\x8a\xe5\x30\x31\x50\xb0\xa7\x5e\x43\xe0\x86\x54\x62\x47\x75\xd1\x29\x05\x12\xca\xb5\xe5\x95\xc7\x2c\x53\x3a\x00\xc7\x92\xcf\x49\xc3\x9b\x3b\x9b\x25\x4f\x07\xb4\xd9\x90\x11\x0d\x97\x7c\x6d\x76\xd4\xb4\x8e\xee\x8f\x0a\x07\xb4\x81\xd2\x0c\xd1\x7a\xdc\x92\x86\xaf\x2d\xf6\x05\x63\x6f\x43\xc7\x6e\xbf\x7a\xfa\x0a\xba\x3b\xab\xcf\xea\x7f\x27\xc4\x13\x3b\x60\x5c\x1d\xbb\xd6\xd3\xfb\x22\xd7\x4c\x7b\x05\xbe\xec\x7c\x40\xd9\x69\x58\x89\x8f\xab\xe9\xe8\x50\x5f\x7c\x54\x8d\x3d\x14\x1a\xcb\x4c\x15\x96\x63\x3e\xd8\x50\xbe\x83\xcc\x70\x4b\x60\x30\x40\xc6\x0d\xb9\x1e\xda\x4c\xb0\x49\xec\x55\x36\xa9\x74\xd3\x78\xf1\x0c\x18\x9a\x15\x27\x48\x84\x8d\xe2\xe0\xfa\x99\x48\x93\x46\x8f\xc1\x03\x90\x8f\xd2\x5f\xd8\xa4\xe1\xfb\x8f\xc3\xbc\xa7\x35\x9a\xe3\x49\x1f\x76\xb1\x95\x1d\x27\xfb\x6d\xb0\xbc\xde\xff\x37\x58\xda\x9d\xaf\x49\xf0\x30\x91\xaf\x5d\x5b\x1c\xbe\x62\x47\xcf\x7e\x05\x86\x86\xa9\x52\xeb\x8a\x24\x0a\x30\xda\xb7\x89\xdb\x98\x35\x7c\x5e\x2c\x6e\x86\xf9\xca\xdc\x26\x43\xc3\x4e\x69\xb1\x3c\x6c\x77\x94\xd6\xc3\xd6\x96\x64\xf1\x0f\x2c\x6e\x8b\x38\x25\x70\x36\xcb\xe2\xe6\xf7\x52\x26\x35\x75\x4c\xfc\x85\x8c\x8c\x7c\x6a\x4e\xdb\xe3\xfa\x73\x92\x73\x9c\x6a\xd0\xd3\x24\x42\xa1\x31\xde\x92\x8c\x41\xc1\x1b\xa3\x36\x36\xd3\x71\x43\x8e\xc6\x78\x09\x1f\x79\x70\xb1\x0c\x85\x11\x57\xa6\xd5\xf5\xc0\xe1\x17\x32\xc8\x0e\x05\xd0\x15\x33\x7b\xa0\xbb\xa9\x62\x2c\x97\x3a\x7a\x0e\x5f\x60\xcb\x2b\x1b\x1a\x1b\xb6\x2f\x73\x47\xad\xef\xb3\x73\xbb\x2e\x02\x0e\x46\x3d\xfa\x0b\xf8\xdb\x37\xb5\xa0\x5d\xd1\xa6\xb0\x3b\xee\xac\xe7\xf4\x13\x4c\xee\x3f\x21\x57\xf5\x33\x00\x00\xff\xff\x04\xc8\x62\x9e\x26\x07\x00\x00"), + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xa4\x55\xc1\x6e\xdb\x38\x10\xbd\xeb\x2b\x06\xf6\x75\x25\x27\xc0\x1e\x16\xba\xed\x6e\x16\x7b\x69\x83\x22\x29\x7a\x29\x72\x18\x53\x63\x9b\x35\xc9\x61\xc9\xa1\x13\xa5\xe8\xbf\x17\xa4\x62\x55\xb6\x83\xd4\x49\x75\x1a\x90\x9c\xf7\x1e\xdf\xcc\x50\x73\xb0\xe8\xf4\x8a\xa2\x44\x58\x71\x00\xc5\xd6\xb3\x23\x27\xa0\xd0\x68\xc5\xf5\x86\xa3\x90\xeb\x3c\x6b\x27\xb5\x62\x27\x81\x8d\xa1\x50\x55\x75\x5d\x57\x73\xe8\xc8\x1b\xee\x2d\x39\x69\x7a\xb4\xa6\x42\xaf\x3f\x51\x88\x9a\x5d\x0b\xbb\xcb\x6a\xab\x5d\xd7\xc2\x2d\x85\x9d\x56\xf4\xb7\x52\x9c\x9c\x54\x96\x04\x3b\x14\x6c\x2b\x00\x87\x96\xda\x5f\x71\x0d\xc7\xa2\x47\x45\x2d\x6c\xd3\x92\xea\xd8\x47\x21\x5b\x34\x4c\x19\xd1\xfb\xb8\x18\x69\xaf\x46\x6d\x07\x94\x06\x97\x64\x62\x8e\x20\x27\x9c\xc9\xfe\x76\x91\xd1\x93\xca\x6c\x81\xbc\xd1\x0a\x63\x0b\x97\x15\x40\x24\x43\x4a\x38\x0c\x3a\x2c\x8a\xda\xbc\x9b\x08\x3b\x57\x9a\x90\xf5\x06\x85\x9e\x60\x26\xd7\xcc\x9f\x39\x40\x3c\x17\x13\x60\x2f\xb9\xc4\x07\xc5\xbb\x3e\xcf\x8a\xfc\x09\x1b\x0a\x28\x9a\xdd\xa8\xa0\x86\x2d\xf5\x2d\x38\xee\xa8\x0e\x6c\xa8\xc9\x3e\x05\x47\x42\xb1\xd1\xbc\xb0\x18\x65\x4c\x07\x60\x9f\xf3\x39\xb4\xf0\xdf\x83\x8e\x12\xc7\x0d\x5a\xad\x48\x49\x0b\xd7\x7c\xab\x36\xd4\x25\x43\x4f\x5b\x59\x03\x6a\x47\x61\xc2\xa8\x2d\xae\xa9\x85\xaf\x09\xfb\xcc\xb1\xd5\x6e\xc7\x66\xbb\x78\xf9\x0a\xed\xee\xa2\xb9\x68\xfe\x1c\x19\xcf\xec\x80\xe1\xdb\xb1\x49\x96\xde\x67\xbb\x26\xde\xd7\x60\xf3\xca\x07\x94\x4d\x0b\x0b\xb1\x7e\x31\x6e\xed\xf1\xc5\xfa\xba\xd3\x7b\xa0\x01\x66\x44\x98\x0f\xf9\xa0\x5d\x3e\x07\x91\xe1\x9e\x40\xa1\x83\x88\x2b\x32\x3d\xa4\x48\xb0\x0a\x6c\xeb\xa8\x42\xee\xa6\xe1\xe2\x11\xd0\x75\x0b\x0e\x10\x08\xbb\x9a\x9d\xe9\x27\x26\x8d\x1e\x3d\x47\x0f\x40\xd6\x4b\x7f\xa5\x43\x0b\xdf\xbe\xef\xe7\x3d\x2c\x51\x9d\x4e\x7a\x59\xc5\x24\x1b\x0e\xfa\xb1\x94\xbc\xd9\xfe\x55\x4a\x3a\x0e\xe3\xbf\x26\xe5\xe2\xde\xb0\xa1\x57\x3f\x00\xa5\x57\xaa\x90\x4c\x76\xa3\x06\xf4\xfa\xff\xc0\xc9\xc7\x16\x3e\xcf\x66\x77\x65\xb4\x22\xa7\xa0\xa8\xac\xe4\xee\x8a\x65\x79\x47\x61\x59\x96\xd6\x24\xb3\x3f\x60\x76\x9f\x7d\xc9\x81\xd1\x51\x66\x77\xc7\x50\x2a\x74\x8d\x0f\xfc\x85\x94\x0c\x7a\x1a\x0e\xeb\x53\xfc\xa9\xc8\x29\x4f\x55\xac\x54\x81\x50\x68\x88\xd7\x24\x43\x90\xf9\x86\x28\xf9\x6e\xdc\xee\xc8\xd0\x10\xcf\xe1\x23\x97\x02\xe6\x79\x50\x62\xf2\xa0\x9a\x1e\xd8\xfd\x64\x06\xd9\xa0\x00\x9a\x5c\xc7\x1e\xe8\x61\x44\xf4\xf9\x52\xc7\x57\xf1\x6c\xb4\xea\x4f\xb5\x7b\xee\x22\xa9\x14\xb4\xf4\xe5\x88\x3e\x76\x2a\x45\x3a\xc8\xca\xf3\x5e\x36\x1e\x1f\x6b\xab\x9d\xb6\x68\xb2\x71\x47\xef\xee\xeb\xea\xff\x8f\x76\x9d\x76\xeb\xb7\xb5\x41\xbd\x7c\xca\x8e\x69\x99\x2b\x55\x3a\xe2\xd9\xdf\xcc\xef\xbe\xdb\x99\xed\x86\x56\x59\xdd\x69\x0b\xbf\xa6\x71\x61\xac\xcd\x0b\x4e\x55\x3f\x02\x00\x00\xff\xff\x7e\x5d\x02\x1e\x8a\x07\x00\x00"), }, "/charts/control-plane/calico-host-protection/templates/host-endpoints.yaml": &vfsgen۰CompressedFileInfo{ name: "host-endpoints.yaml",