From dcb5292ac5783dd78b6bea201c66c3e2dcfc174d Mon Sep 17 00:00:00 2001
From: lcavajani <33934779+lcavajani@users.noreply.github.com>
Date: Thu, 7 May 2020 03:37:30 +0200
Subject: [PATCH] Remove hostPorts from unprivileged psp (#1040)

hostPorts by definition require to use hostNetwork so
having them allowed in the psp where hostNetwork is
forbidden is not correct.

Signed-off-by: lcavajani <lcavajani@suse.com>
---
 internal/pkg/skuba/addons/psp.go          | 3 ---
 internal/pkg/skuba/kubernetes/versions.go | 2 +-
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/internal/pkg/skuba/addons/psp.go b/internal/pkg/skuba/addons/psp.go
index 2268721ebd..8590d3aa81 100644
--- a/internal/pkg/skuba/addons/psp.go
+++ b/internal/pkg/skuba/addons/psp.go
@@ -300,9 +300,6 @@ spec:
   hostPID: false
   hostIPC: false
   hostNetwork: false
-  hostPorts:
-  - min: 0
-    max: 65535
   # SELinux
   seLinux:
     # SELinux is unused in CaaSP
diff --git a/internal/pkg/skuba/kubernetes/versions.go b/internal/pkg/skuba/kubernetes/versions.go
index 541c80b584..a612225652 100644
--- a/internal/pkg/skuba/kubernetes/versions.go
+++ b/internal/pkg/skuba/kubernetes/versions.go
@@ -106,7 +106,7 @@ var (
 				Dex:           &AddonVersion{"2.16.0", 6},
 				Gangway:       &AddonVersion{"3.1.0-rev4", 5},
 				MetricsServer: &AddonVersion{"0.3.6", 1},
-				PSP:           &AddonVersion{"", 3},
+				PSP:           &AddonVersion{"", 4},
 			},
 		},
 		"1.16.2": KubernetesVersion{