Controller/PSP: Improve comments.

Marco Ebert 2023-10-06 18:29:24 +02:00
parent 564a7138e6
commit d649900010


@ -24,7 +24,6 @@ spec:
{{- end }} {{- end }}
privileged: false privileged: false
allowPrivilegeEscalation: true allowPrivilegeEscalation: true
# Allow core volume types.
volumes: volumes:
- configMap - configMap
- emptyDir - emptyDir
@ -38,34 +37,34 @@ spec:
hostPorts: hostPorts:
{{- if .Values.controller.hostNetwork }} {{- if .Values.controller.hostNetwork }}
{{- range $key, $value := .Values.controller.containerPort }} {{- range $key, $value := .Values.controller.containerPort }}
# {{ $key }} # controller.containerPort.{{ $key }}
- min: {{ $value }} - min: {{ $value }}
max: {{ $value }} max: {{ $value }}
{{- end }} {{- end }}
{{- else if .Values.controller.hostPort.enabled }} {{- else if .Values.controller.hostPort.enabled }}
{{- range $key, $value := .Values.controller.hostPort.ports }} {{- range $key, $value := .Values.controller.hostPort.ports }}
# {{ $key }} # controller.hostPort.ports.{{ $key }}
- min: {{ $value }} - min: {{ $value }}
max: {{ $value }} max: {{ $value }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.controller.metrics.enabled }} {{- if .Values.controller.metrics.enabled }}
# metrics # controller.metrics.port
- min: {{ .Values.controller.metrics.port }} - min: {{ .Values.controller.metrics.port }}
max: {{ .Values.controller.metrics.port }} max: {{ .Values.controller.metrics.port }}
{{- end }} {{- end }}
{{- if .Values.controller.admissionWebhooks.enabled }} {{- if .Values.controller.admissionWebhooks.enabled }}
# admission webhooks # controller.admissionWebhooks.port
- min: {{ .Values.controller.admissionWebhooks.port }} - min: {{ .Values.controller.admissionWebhooks.port }}
max: {{ .Values.controller.admissionWebhooks.port }} max: {{ .Values.controller.admissionWebhooks.port }}
{{- end }} {{- end }}
{{- range $key, $value := .Values.tcp }} {{- range $key, $value := .Values.tcp }}
# {{ $key }}-tcp # tcp.{{ $key }}
- min: {{ $key }} - min: {{ $key }}
max: {{ $key }} max: {{ $key }}
{{- end }} {{- end }}
{{- range $key, $value := .Values.udp }} {{- range $key, $value := .Values.udp }}
# {{ $key }}-udp # udp.{{ $key }}
- min: {{ $key }} - min: {{ $key }}
max: {{ $key }} max: {{ $key }}
{{- end }} {{- end }}
@ -73,18 +72,15 @@ spec:
hostIPC: false hostIPC: false
hostPID: false hostPID: false
runAsUser: runAsUser:
# Require the container to run without root privileges.
rule: MustRunAsNonRoot rule: MustRunAsNonRoot
supplementalGroups: supplementalGroups:
rule: MustRunAs rule: MustRunAs
ranges: ranges:
# Forbid adding the root group.
- min: 1 - min: 1
max: 65535 max: 65535
fsGroup: fsGroup:
rule: MustRunAs rule: MustRunAs
ranges: ranges:
# Forbid adding the root group.
- min: 1 - min: 1
max: 65535 max: 65535
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
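Review bot: The last hunk drops the three comments that explained the security intent of the `runAsUser`, `supplementalGroups` and `fsGroup` rules, so on the new side nothing says why the group ranges start at `min: 1`. That lower bound is what keeps GID 0 out of the allowed range, and an uncommented `1` is easy to change to `0` in a later cleanup; I would keep one line above each range entry, e.g. `# Start at 1 so the root group (GID 0) cannot be added.`. The first hunk has the opposite gap: `allowPrivilegeEscalation: true` sits next to `privileged: false` with no comment on why escalation has to stay allowed. That is presumably a requirement of the controller image, and since this commit is about comments it would be worth stating the reason there.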