remove psp example

90er · Mar 4, 2024 · 2cf8d01 · 2cf8d01
1 parent ca0ba3a
commit 2cf8d01
Showing 1 changed file with 0 additions and 143 deletions.
diff --git a/user/pages/02.deploying/02.kubernetes/docs.md b/user/pages/02.deploying/02.kubernetes/docs.md
@@ -57,149 +57,6 @@ For PSA in Kubernetes 1.25+, label the NeuVector namespace with privileged profi
 <code>
 $ kubectl label  namespace neuvector "pod-security.kubernetes.io/enforce=privileged"
 </code></pre>
-Sample PSP (1.24 and earlier)
-<pre>
-<code>
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: neuvector-binding-psp
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
-spec:
-  privileged: true
-  readOnlyRootFilesystem: false
-  allowPrivilegeEscalation: true
-  allowedCapabilities:
-  - SYS_ADMIN
-  - NET_ADMIN
-  - SYS_PTRACE
-  - IPC_LOCK
-  requiredDropCapabilities:
-  - ALL
-  volumes:
-  - '*'
-  hostNetwork: true
-  hostPorts:
-  - min: 0
-    max: 65535
-  hostIPC: true
-  hostPID: true
-  runAsUser:
-    rule: 'RunAsAny'
-  seLinux:
-    rule: 'RunAsAny'
-  supplementalGroups:
-    rule: 'RunAsAny'
-  fsGroup:
-    rule: 'RunAsAny'
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: neuvector-binding-psp
-  namespace: neuvector
-rules:
-- apiGroups:
-  - policy
-  - extensions
-  resources:
-  - podsecuritypolicies
-  verbs:
-  - use
-  resourceNames:
-  - neuvector-binding-psp
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: neuvector-binding-psp
-  namespace: neuvector
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: neuvector-binding-psp
-subjects:
-- kind: ServiceAccount
-  name: enforcer
-  namespace: neuvector
-
----
-
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: neuvector-binding-psp-controller
-spec:
-  privileged: false
-  readOnlyRootFilesystem: false
-  allowPrivilegeEscalation: false
-  allowedCapabilities: null
-  requiredDropCapabilities:
-  - ALL
-  volumes:
-  - configMap
-  - downwardAPI
-  - emptyDir
-  - persistentVolumeClaim
-  - azureFile
-  - projected
-  - secret
-  hostNetwork: false
-  hostIPC: false
-  hostPID: false
-  runAsUser:
-    rule: 'RunAsAny'
-  seLinux:
-    rule: 'RunAsAny'
-  supplementalGroups:
-    rule: 'RunAsAny'
-  fsGroup:
-    rule: 'RunAsAny'
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: neuvector-binding-psp-controller
-  namespace: neuvector
-rules:
-- apiGroups:
-  - policy
-  - extensions
-  resources:
-  - podsecuritypolicies
-  verbs:
-  - use
-  resourceNames:
-  - neuvector-binding-psp-controller
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: neuvector-binding-psp-controller
-  namespace: neuvector
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: neuvector-binding-psp-controller
-subjects:
-- kind: ServiceAccount
-  name: controller
-  namespace: neuvector</code></pre>
-
-Then create the PSP
-<pre>
-<code>
-kubectl create -f nv_psp.yaml</code></pre>
-</li>
 <li>
 Create the custom resources (CRD) for NeuVector security rules. For Kubernetes 1.19+:
 <pre>