andata
/
rancher-charts
mirror of https://git.rancher.io/charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

psp related fixes for alerting-drivers chart

pull/2259/head
vardhaman 2022-12-20 08:57:14 +05:30
parent 605469c603
commit ed8dc0d833
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/rancher-alerting/rancher-alerting-drivers/charts/templates/hardened.yaml
View File

@ -52,11 +52,13 @@ rules:
- apiGroups: [""] - apiGroups: [""]
resources: ["serviceaccounts"] resources: ["serviceaccounts"]
verbs: ["get", "patch"] verbs: ["get", "patch"]
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
- apiGroups: ["policy"] - apiGroups: ["policy"]
resources: ["podsecuritypolicies"] resources: ["podsecuritypolicies"]
verbs: ["use"] verbs: ["use"]
resourceNames: resourceNames:
- {{ include "drivers.fullname" . }}-patch-sa - {{ include "drivers.fullname" . }}-patch-sa
{{- end }}
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
@ -75,6 +77,7 @@ subjects:
name: {{ include "drivers.fullname" . }}-patch-sa name: {{ include "drivers.fullname" . }}-patch-sa
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
--- ---
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
apiVersion: policy/v1beta1 apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
metadata: metadata:
@ -105,6 +108,7 @@ spec:
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
volumes: volumes:
- 'secret' - 'secret'
{{- end }}
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy