57 lines
1.5 KiB
YAML
57 lines
1.5 KiB
YAML
{{- if (and .Values.global.openshift.enabled (or (and (ne (.Values.client.enabled | toString) "-") .Values.client.enabled) (and (eq (.Values.client.enabled | toString) "-") .Values.global.enabled))) }}
|
|
apiVersion: security.openshift.io/v1
|
|
kind: SecurityContextConstraints
|
|
metadata:
|
|
name: {{ template "consul.fullname" . }}-client
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
app: {{ template "consul.name" . }}
|
|
chart: {{ template "consul.chart" . }}
|
|
heritage: {{ .Release.Service }}
|
|
release: {{ .Release.Name }}
|
|
component: client
|
|
annotations:
|
|
kubernetes.io/description: {{ template "consul.fullname" . }}-client are the security context constraints required
|
|
to run the consul client.
|
|
{{- if .Values.client.dataDirectoryHostPath }}
|
|
allowHostDirVolumePlugin: true
|
|
{{- else }}
|
|
allowHostDirVolumePlugin: false
|
|
{{- end}}
|
|
allowHostIPC: false
|
|
allowHostNetwork: {{ .Values.client.hostNetwork }}
|
|
allowHostPID: false
|
|
allowHostPorts: true
|
|
allowPrivilegeEscalation: true
|
|
allowPrivilegedContainer: false
|
|
allowedCapabilities: null
|
|
defaultAddCapabilities: null
|
|
fsGroup:
|
|
type: MustRunAs
|
|
groups: []
|
|
priority: null
|
|
readOnlyRootFilesystem: false
|
|
requiredDropCapabilities:
|
|
- KILL
|
|
- MKNOD
|
|
- SETUID
|
|
- SETGID
|
|
runAsUser:
|
|
type: MustRunAsRange
|
|
seLinuxContext:
|
|
type: MustRunAs
|
|
supplementalGroups:
|
|
type: MustRunAs
|
|
users: []
|
|
volumes:
|
|
- configMap
|
|
- downwardAPI
|
|
- emptyDir
|
|
- persistentVolumeClaim
|
|
- projected
|
|
- secret
|
|
{{- if .Values.client.dataDirectoryHostPath }}
|
|
- hostPath
|
|
{{- end }}
|
|
{{- end}}
|