From 123739cbe76b4206adec10020a409584b06d9c12 Mon Sep 17 00:00:00 2001 From: Praveenrajmani Date: Wed, 16 Oct 2024 17:19:00 +0530 Subject: [PATCH] add kustomize support for v4.0 --- .../PodSecurityPolicy-ClusterRoleBinding.yaml | 18 ++++++++++ resources/v4.0/base/PodSecurityPolicy.yaml | 34 +++++++++++++++++++ resources/v4.0/base/kustomization.yaml | 11 ++++++ .../PodSecurityPolicy-ClusterRoleBinding.yaml | 18 ++++++++++ resources/v4.0/legacy/PodSecurityPolicy.yaml | 34 +++++++++++++++++++ resources/v4.0/legacy/kustomization.yaml | 11 ++++++ .../PodSecurityPolicy-ClusterRoleBinding.yaml | 18 ++++++++++ .../PodSecurityPolicy.yaml | 34 +++++++++++++++++++ .../openshift-with-legacy/kustomization.yaml | 11 ++++++ .../PodSecurityPolicy-ClusterRoleBinding.yaml | 18 ++++++++++ .../v4.0/openshift/PodSecurityPolicy.yaml | 34 +++++++++++++++++++ resources/v4.0/openshift/kustomization.yaml | 11 ++++++ 12 files changed, 252 insertions(+) create mode 100644 resources/v4.0/base/PodSecurityPolicy-ClusterRoleBinding.yaml create mode 100644 resources/v4.0/base/PodSecurityPolicy.yaml create mode 100644 resources/v4.0/base/kustomization.yaml create mode 100644 resources/v4.0/legacy/PodSecurityPolicy-ClusterRoleBinding.yaml create mode 100644 resources/v4.0/legacy/PodSecurityPolicy.yaml create mode 100644 resources/v4.0/legacy/kustomization.yaml create mode 100644 resources/v4.0/openshift-with-legacy/PodSecurityPolicy-ClusterRoleBinding.yaml create mode 100644 resources/v4.0/openshift-with-legacy/PodSecurityPolicy.yaml create mode 100644 resources/v4.0/openshift-with-legacy/kustomization.yaml create mode 100644 resources/v4.0/openshift/PodSecurityPolicy-ClusterRoleBinding.yaml create mode 100644 resources/v4.0/openshift/PodSecurityPolicy.yaml create mode 100644 resources/v4.0/openshift/kustomization.yaml 
diff --git a/resources/v4.0/base/PodSecurityPolicy-ClusterRoleBinding.yaml b/resources/v4.0/base/PodSecurityPolicy-ClusterRoleBinding.yaml
new file mode 100644
index 00000000..636a208c
--- /dev/null
+++ b/resources/v4.0/base/PodSecurityPolicy-ClusterRoleBinding.yaml
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ application-name: directpv.min.io
+ application-type: CSIDriver
+ directpv.min.io/created-by: kubectl-directpv
+ directpv.min.io/version: v1beta1
+ name: psp-directpv-min-io
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: directpv-min-io
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: system:serviceaccounts:directpv-min-io
diff --git a/resources/v4.0/base/PodSecurityPolicy.yaml b/resources/v4.0/base/PodSecurityPolicy.yaml
new file mode 100644
index 00000000..cbe8ea92
--- /dev/null
+++ b/resources/v4.0/base/PodSecurityPolicy.yaml
@@ -0,0 +1,34 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ creationTimestamp: null
+ labels:
+ application-name: directpv.min.io
+ application-type: CSIDriver
+ directpv.min.io/created-by: kubectl-directpv
+ directpv.min.io/version: v1beta1
+ name: directpv-min-io
+spec:
+ allowedCapabilities:
+ - '*'
+ allowedHostPaths:
+ - pathPrefix: /proc
+ readOnly: true
+ - pathPrefix: /sys
+ - pathPrefix: /run/udev/data
+ readOnly: true
+ - pathPrefix: /var/lib/directpv
+ - pathPrefix: /csi
+ - pathPrefix: /var/lib/kubelet
+ fsGroup:
+ rule: RunAsAny
+ hostPID: true
+ privileged: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - hostPath
diff --git a/resources/v4.0/base/kustomization.yaml b/resources/v4.0/base/kustomization.yaml
new file mode 100644
index 00000000..5997ddcf
--- /dev/null
+++ b/resources/v4.0/base/kustomization.yaml
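Review bot: The binding's `subjects` entry is the group `system:serviceaccounts:directpv-min-io`, which matches every service account in a namespace of that name, and `roleRef` points at the ClusterRole `directpv-min-io` rather than a role limited to `use` on the pod security policy. If that ClusterRole is the driver's main role from `../../base` (not visible in this patch), any workload running under any service account in that namespace would receive its full permissions along with the privileged policy. A `kind: ServiceAccount` subject naming the driver's account and its `namespace:` would scope this to the component that needs it; it is also worth confirming that the namespace encoded in the group name is the one the base actually deploys into. The identical file is added under legacy, openshift-with-legacy and openshift.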
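Review bot: `kind: PodSecurityPolicy` under `apiVersion: policy/v1beta1` was removed from Kubernetes in v1.25, so on current clusters this manifest is rejected by the API server and nothing enforces the constraints it describes. The policy permits `privileged: true`, `allowedCapabilities: ['*']`, `hostPID: true` and writable hostPaths on `/sys` and `/var/lib/kubelet`, with no comment recording why the driver needs each of them. I would add a header comment such as `# PSP exists only on Kubernetes < 1.25; on newer clusters the namespace needs pod-security.kubernetes.io/enforce: privileged instead`, and keep the PSP and its binding in an optional overlay rather than in every variant. The identical file is added under legacy, openshift-with-legacy and openshift.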
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../base
+ - PodSecurityPolicy.yaml
+ - PodSecurityPolicy-ClusterRoleBinding.yaml
+
+images:
+ - name: quay.io/minio/directpv
+ digest: sha256:98c23183f3abb8d9b6e0c300677605cc822e039fc81ce0e5dd8bef1006547627
diff --git a/resources/v4.0/legacy/PodSecurityPolicy-ClusterRoleBinding.yaml b/resources/v4.0/legacy/PodSecurityPolicy-ClusterRoleBinding.yaml
new file mode 100644
index 00000000..636a208c
--- /dev/null
+++ b/resources/v4.0/legacy/PodSecurityPolicy-ClusterRoleBinding.yaml
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ application-name: directpv.min.io
+ application-type: CSIDriver
+ directpv.min.io/created-by: kubectl-directpv
+ directpv.min.io/version: v1beta1
+ name: psp-directpv-min-io
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: directpv-min-io
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: system:serviceaccounts:directpv-min-io
diff --git a/resources/v4.0/legacy/PodSecurityPolicy.yaml b/resources/v4.0/legacy/PodSecurityPolicy.yaml
new file mode 100644
index 00000000..cbe8ea92
--- /dev/null
+++ b/resources/v4.0/legacy/PodSecurityPolicy.yaml
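Review bot: The `digest:` pin under `images` gives no indication of which release it corresponds to, so a reviewer cannot tell from the file whether the sha256 is the intended v4.0 build or check it against the registry later. A comment above the entry, for example `# quay.io/minio/directpv:<release-tag>, digest copied from the published release`, would make future bumps auditable while keeping the immutable pin. The same entry appears in the legacy, openshift-with-legacy and openshift kustomizations, and the order of the two PodSecurityPolicy resources differs between this file and those three, which is harmless but makes the variants harder to diff.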
@@ -0,0 +1,34 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ creationTimestamp: null
+ labels:
+ application-name: directpv.min.io
+ application-type: CSIDriver
+ directpv.min.io/created-by: kubectl-directpv
+ directpv.min.io/version: v1beta1
+ name: directpv-min-io
+spec:
+ allowedCapabilities:
+ - '*'
+ allowedHostPaths:
+ - pathPrefix: /proc
+ readOnly: true
+ - pathPrefix: /sys
+ - pathPrefix: /run/udev/data
+ readOnly: true
+ - pathPrefix: /var/lib/directpv
+ - pathPrefix: /csi
+ - pathPrefix: /var/lib/kubelet
+ fsGroup:
+ rule: RunAsAny
+ hostPID: true
+ privileged: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - hostPath
diff --git a/resources/v4.0/legacy/kustomization.yaml b/resources/v4.0/legacy/kustomization.yaml
new file mode 100644
index 00000000..88b902bb
--- /dev/null
+++ b/resources/v4.0/legacy/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../legacy
+ - PodSecurityPolicy-ClusterRoleBinding.yaml
+ - PodSecurityPolicy.yaml
+
+images:
+ - name: quay.io/minio/directpv
+ digest: sha256:98c23183f3abb8d9b6e0c300677605cc822e039fc81ce0e5dd8bef1006547627
diff --git a/resources/v4.0/openshift-with-legacy/PodSecurityPolicy-ClusterRoleBinding.yaml b/resources/v4.0/openshift-with-legacy/PodSecurityPolicy-ClusterRoleBinding.yaml
new file mode 100644
index 00000000..636a208c
--- /dev/null
+++ b/resources/v4.0/openshift-with-legacy/PodSecurityPolicy-ClusterRoleBinding.yaml
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ application-name: directpv.min.io
+ application-type: CSIDriver
+ directpv.min.io/created-by: kubectl-directpv
+ directpv.min.io/version: v1beta1
+ name: psp-directpv-min-io
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: directpv-min-io
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: system:serviceaccounts:directpv-min-io
diff --git a/resources/v4.0/openshift-with-legacy/PodSecurityPolicy.yaml b/resources/v4.0/openshift-with-legacy/PodSecurityPolicy.yaml
new file mode 100644
index 00000000..cbe8ea92
--- /dev/null
+++ b/resources/v4.0/openshift-with-legacy/PodSecurityPolicy.yaml
@@ -0,0 +1,34 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ creationTimestamp: null
+ labels:
+ application-name: directpv.min.io
+ application-type: CSIDriver
+ directpv.min.io/created-by: kubectl-directpv
+ directpv.min.io/version: v1beta1
+ name: directpv-min-io
+spec:
+ allowedCapabilities:
+ - '*'
+ allowedHostPaths:
+ - pathPrefix: /proc
+ readOnly: true
+ - pathPrefix: /sys
+ - pathPrefix: /run/udev/data
+ readOnly: true
+ - pathPrefix: /var/lib/directpv
+ - pathPrefix: /csi
+ - pathPrefix: /var/lib/kubelet
+ fsGroup:
+ rule: RunAsAny
+ hostPID: true
+ privileged: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - hostPath
diff --git a/resources/v4.0/openshift-with-legacy/kustomization.yaml b/resources/v4.0/openshift-with-legacy/kustomization.yaml
new file mode 100644
index 00000000..c35cfcd6
--- /dev/null
+++ b/resources/v4.0/openshift-with-legacy/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../openshift-with-legacy
+ - PodSecurityPolicy-ClusterRoleBinding.yaml
+ - PodSecurityPolicy.yaml
+
+images:
+ - name: quay.io/minio/directpv
+ digest: sha256:98c23183f3abb8d9b6e0c300677605cc822e039fc81ce0e5dd8bef1006547627
diff --git a/resources/v4.0/openshift/PodSecurityPolicy-ClusterRoleBinding.yaml b/resources/v4.0/openshift/PodSecurityPolicy-ClusterRoleBinding.yaml
new file mode 100644
index 00000000..636a208c
--- /dev/null
+++ b/resources/v4.0/openshift/PodSecurityPolicy-ClusterRoleBinding.yaml
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ application-name: directpv.min.io
+ application-type: CSIDriver
+ directpv.min.io/created-by: kubectl-directpv
+ directpv.min.io/version: v1beta1
+ name: psp-directpv-min-io
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: directpv-min-io
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: system:serviceaccounts:directpv-min-io
diff --git a/resources/v4.0/openshift/PodSecurityPolicy.yaml b/resources/v4.0/openshift/PodSecurityPolicy.yaml
new file mode 100644
index 00000000..cbe8ea92
--- /dev/null
+++ b/resources/v4.0/openshift/PodSecurityPolicy.yaml
@@ -0,0 +1,34 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ creationTimestamp: null
+ labels:
+ application-name: directpv.min.io
+ application-type: CSIDriver
+ directpv.min.io/created-by: kubectl-directpv
+ directpv.min.io/version: v1beta1
+ name: directpv-min-io
+spec:
+ allowedCapabilities:
+ - '*'
+ allowedHostPaths:
+ - pathPrefix: /proc
+ readOnly: true
+ - pathPrefix: /sys
+ - pathPrefix: /run/udev/data
+ readOnly: true
+ - pathPrefix: /var/lib/directpv
+ - pathPrefix: /csi
+ - pathPrefix: /var/lib/kubelet
+ fsGroup:
+ rule: RunAsAny
+ hostPID: true
+ privileged: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - hostPath
diff --git a/resources/v4.0/openshift/kustomization.yaml b/resources/v4.0/openshift/kustomization.yaml
new file mode 100644
index 00000000..d30e8689
--- /dev/null
+++ b/resources/v4.0/openshift/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../openshift
+ - PodSecurityPolicy-ClusterRoleBinding.yaml
+ - PodSecurityPolicy.yaml
+
+images:
+ - name: quay.io/minio/directpv
+ digest: sha256:98c23183f3abb8d9b6e0c300677605cc822e039fc81ce0e5dd8bef1006547627