Skip to content

Commit

Permalink
Removed hostNetwork: true from linkerd-cni Helm chart templates (#11158)
Browse files Browse the repository at this point in the history 
Problem - Current does Linkerd CNI Helm chart templates have hostNetwork: true set which is unnecessary and less secure.

Solution - Removed hostNetwork: true from linkerd-cni Helm chart templates

PR Fixes #11141 
---------

Signed-off-by: Abhijeet Gaurav <abhijeetdav24aug@gmail.com>
Co-authored-by: Alejandro Pedraza <alejandro@buoyant.io>
  • Loading branch information
@abhijeetgauravm @alpeb
abhijeetgauravm and alpeb committed Aug 3, 2023
1 parent 928f2be commit bca15f5
Show file tree
Hide file tree
Showing 9 changed files with 0 additions and 10 deletions.
2 changes: 0 additions & 2 deletions charts/linkerd2-cni/templates/cni-plugin.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,6 @@ spec:
{{- end }}
fsGroup:
rule: RunAsAny
hostNetwork: true
runAsUser:
rule: RunAsAny
seLinux:
Expand Down Expand Up @@ -211,7 +210,6 @@ spec:
affinity:
{{- include "linkerd.node-affinity" . | nindent 8 }}
{{- end }}
hostNetwork: true
securityContext:
seccompProfile:
type: RuntimeDefault
Expand Down
1 change: 0 additions & 1 deletion cli/cmd/testdata/install-cni-plugin_default.golden
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 0 additions & 1 deletion cli/cmd/testdata/install-cni-plugin_fully_configured.golden
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 0 additions & 1 deletion cli/cmd/testdata/install-cni-plugin_fully_configured_equal_dsts.golden
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 0 additions & 1 deletion cli/cmd/testdata/install-cni-plugin_fully_configured_no_namespace.golden
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 0 additions & 1 deletion cli/cmd/testdata/install-cni-plugin_skip_ports.golden
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 0 additions & 1 deletion cli/cmd/testdata/install_cni_helm_default_output.golden
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 0 additions & 1 deletion cli/cmd/testdata/install_cni_helm_override_output.golden
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 0 additions & 1 deletion pkg/healthcheck/healthcheck_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2418,7 +2418,6 @@ spec:
spec:
nodeSelector:
kubernetes.io/os: linux
hostNetwork: true
serviceAccountName: linkerd-cni
containers:
- name: install-cni
Expand Down

0 comments on commit bca15f5

Please sign in to comment.