rancher-partner-charts/charts/hashicorp/consul/templates/client-securitycontextconst...

{{- if (and .Values.global.openshift.enabled (or (and (ne (.Values.client.enabled | toString) "-") .Values.client.enabled) (and (eq (.Values.client.enabled | toString) "-") .Values.global.enabled))) }}
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: {{ template "consul.fullname" . }}-client
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ template "consul.name" . }}
    chart: {{ template "consul.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
    component: client
  annotations:
    kubernetes.io/description: {{ template "consul.fullname" . }}-client are the security context constraints required
      to run the consul client.
{{- if .Values.client.dataDirectoryHostPath }}
allowHostDirVolumePlugin: true
{{- else }}
allowHostDirVolumePlugin: false
{{- end}}
allowHostIPC: false
allowHostNetwork: {{ .Values.client.hostNetwork }}
allowHostPID: false
allowHostPorts: true
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
allowedCapabilities: null
defaultAddCapabilities: null
fsGroup:
  type: MustRunAs
groups: []
priority: null
readOnlyRootFilesystem: false
requiredDropCapabilities:
- KILL
- MKNOD
- SETUID
- SETGID
runAsUser:
  type: MustRunAsRange
seLinuxContext:
  type: MustRunAs
supplementalGroups:
  type: MustRunAs
users: []
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
{{- if .Values.client.dataDirectoryHostPath }}
- hostPath
{{- end }}
{{- end}}
CI Updated Charts Added: hashicorp/consul: - 0.49.0 hashicorp/vault: - 0.22.0 2022-10-18 08:13:05 +00:00			`{{- if (and .Values.global.openshift.enabled (or (and (ne (.Values.client.enabled \| toString) "-") .Values.client.enabled) (and (eq (.Values.client.enabled \| toString) "-") .Values.global.enabled))) }}`
			`apiVersion: security.openshift.io/v1`
			`kind: SecurityContextConstraints`
			`metadata:`
			`name: {{ template "consul.fullname" . }}-client`
			`namespace: {{ .Release.Namespace }}`
			`labels:`
			`app: {{ template "consul.name" . }}`
			`chart: {{ template "consul.chart" . }}`
			`heritage: {{ .Release.Service }}`
			`release: {{ .Release.Name }}`
			`component: client`
			`annotations:`
			`kubernetes.io/description: {{ template "consul.fullname" . }}-client are the security context constraints required`
			`to run the consul client.`
			`{{- if .Values.client.dataDirectoryHostPath }}`
			`allowHostDirVolumePlugin: true`
			`{{- else }}`
			`allowHostDirVolumePlugin: false`
			`{{- end}}`
			`allowHostIPC: false`
			`allowHostNetwork: {{ .Values.client.hostNetwork }}`
			`allowHostPID: false`
			`allowHostPorts: true`
			`allowPrivilegeEscalation: true`
			`allowPrivilegedContainer: false`
			`allowedCapabilities: null`
			`defaultAddCapabilities: null`
			`fsGroup:`
			`type: MustRunAs`
			`groups: []`
			`priority: null`
			`readOnlyRootFilesystem: false`
			`requiredDropCapabilities:`
			`- KILL`
			`- MKNOD`
			`- SETUID`
			`- SETGID`
			`runAsUser:`
			`type: MustRunAsRange`
			`seLinuxContext:`
			`type: MustRunAs`
			`supplementalGroups:`
			`type: MustRunAs`
			`users: []`
			`volumes:`
			`- configMap`
			`- downwardAPI`
			`- emptyDir`
			`- persistentVolumeClaim`
			`- projected`
			`- secret`
			`{{- if .Values.client.dataDirectoryHostPath }}`
			`- hostPath`
			`{{- end }}`
			`{{- end}}`