mirror of https://git.rancher.io/charts
add condition to check for PSP capability in rancher-gatekeeper-crd
parent
2c1e0bd6bf
commit
5d1f34e8dd
|
@ -20,7 +20,7 @@
|
|||
tag: v3.10.0
|
||||
pullPolicy: IfNotPresent
|
||||
pullSecrets: []
|
||||
@@ -80,8 +80,8 @@
|
||||
@@ -80,7 +80,7 @@
|
||||
probeWebhook:
|
||||
enabled: true
|
||||
image:
|
||||
|
@ -29,7 +29,6 @@
|
|||
tag: 7.83.1
|
||||
pullPolicy: IfNotPresent
|
||||
pullSecrets: []
|
||||
waitTimeout: 60
|
||||
@@ -104,7 +104,7 @@
|
||||
extraRules: []
|
||||
enabled: false
|
||||
|
|
|
@ -10,11 +10,13 @@ rules:
|
|||
resources:
|
||||
- customresourcedefinitions
|
||||
verbs: ['create', 'get', 'patch', 'delete']
|
||||
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
|
||||
- apiGroups: ['policy']
|
||||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
resourceNames:
|
||||
- {{ .Chart.Name }}-manager
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
|
@ -39,6 +41,7 @@ metadata:
|
|||
labels:
|
||||
app: {{ .Chart.Name }}-manager
|
||||
---
|
||||
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
|
@ -70,3 +73,4 @@ spec:
|
|||
volumes:
|
||||
- 'configMap'
|
||||
- 'secret'
|
||||
{{- end }}
|
||||
|
|
Loading…
Reference in New Issue