DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Support existing PSPs in Helm chart

Browse source
This commit is contained in:
Eric Bailey 2021-02-23 18:31:56 -06:00
parent 3e8c8076b4
commit 63e35ac32b
9 changed files with 27 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
View file

@ -22,6 +22,10 @@ rules:
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
{{- with .Values.controller.admissionWebhooks.existingPsp }}
- {{ . }}
{{- else }}
- {{ include "ingress-nginx.fullname" . }}-admission
{{- end }}
{{- end }}
{{- end }}

2
charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml
View file

@ -1,4 +1,4 @@
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled -}}
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:

2
charts/ingress-nginx/templates/controller-psp.yaml
View file

@ -1,4 +1,4 @@
{{- if .Values.podSecurityPolicy.enabled -}}
{{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:

4
charts/ingress-nginx/templates/controller-role.yaml
View file

@ -82,6 +82,10 @@ rules:
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
resources: ['podsecuritypolicies']
verbs: ['use']
{{- with .Values.controller.existingPsp }}
resourceNames: [{{ . }}]
{{- else }}
resourceNames: [{{ include "ingress-nginx.fullname" . }}]
{{- end }}
{{- end }}
{{- end }}

2
charts/ingress-nginx/templates/default-backend-psp.yaml
View file

@ -1,4 +1,4 @@
{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:

4
charts/ingress-nginx/templates/default-backend-role.yaml
View file

@ -10,5 +10,9 @@ rules:
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
resources: ['podsecuritypolicies']
verbs: ['use']
{{- with .Values.defaultBackend.existingPsp }}
resourceNames: [{{ . }}]
{{- else }}
resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend]
{{- end }}
{{- end }}