rancher-partner-charts/charts/hashicorp/consul/templates/server-securitycontextconst...

{{- if (and .Values.global.openshift.enabled .Values.server.exposeGossipAndRPCPorts (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled))) }}
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: {{ template "consul.fullname" . }}-server
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ template "consul.name" . }}
    chart: {{ template "consul.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
    component: server
  annotations:
    kubernetes.io/description: {{ template "consul.fullname" . }}-server are the security context constraints required
      to run the consul server.
allowHostPorts: true
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostPID: false
allowHostNetwork: false
allowPrivilegeEscalation: false
allowPrivilegedContainer: false
allowedCapabilities: null
defaultAddCapabilities: null
fsGroup:
  type: MustRunAs
groups: []
priority: null
readOnlyRootFilesystem: false
requiredDropCapabilities:
- KILL
- MKNOD
- SETUID
- SETGID
runAsUser:
  type: MustRunAsRange
seLinuxContext:
  type: MustRunAs
supplementalGroups:
  type: MustRunAs
users: []
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
{{- end -}}
CI Updated Charts Added: hashicorp/consul: - 0.49.0 hashicorp/vault: - 0.22.0 2022-10-18 08:13:05 +00:00			`{{- if (and .Values.global.openshift.enabled .Values.server.exposeGossipAndRPCPorts (or (and (ne (.Values.server.enabled \| toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled \| toString) "-") .Values.global.enabled))) }}`
			`apiVersion: security.openshift.io/v1`
			`kind: SecurityContextConstraints`
			`metadata:`
			`name: {{ template "consul.fullname" . }}-server`
			`namespace: {{ .Release.Namespace }}`
			`labels:`
			`app: {{ template "consul.name" . }}`
			`chart: {{ template "consul.chart" . }}`
			`heritage: {{ .Release.Service }}`
			`release: {{ .Release.Name }}`
			`component: server`
			`annotations:`
			`kubernetes.io/description: {{ template "consul.fullname" . }}-server are the security context constraints required`
			`to run the consul server.`
			`allowHostPorts: true`
			`allowHostDirVolumePlugin: false`
			`allowHostIPC: false`
			`allowHostPID: false`
			`allowHostNetwork: false`
			`allowPrivilegeEscalation: false`
			`allowPrivilegedContainer: false`
			`allowedCapabilities: null`
			`defaultAddCapabilities: null`
			`fsGroup:`
			`type: MustRunAs`
			`groups: []`
			`priority: null`
			`readOnlyRootFilesystem: false`
			`requiredDropCapabilities:`
			`- KILL`
			`- MKNOD`
			`- SETUID`
			`- SETGID`
			`runAsUser:`
			`type: MustRunAsRange`
			`seLinuxContext:`
			`type: MustRunAs`
			`supplementalGroups:`
			`type: MustRunAs`
			`users: []`
			`volumes:`
			`- configMap`
			`- downwardAPI`
			`- emptyDir`
			`- persistentVolumeClaim`
			`- projected`
			`- secret`
			`{{- end -}}`