Merge pull request #6900 from yurrriq/existing-psp
Support existing PSPs in Helm chart
This commit is contained in:
Kubernetes Prow Robot
GitHub
commit
f59db08731
9 changed files with 27 additions and 4 deletions
|
|
@ -4,6 +4,8 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku
|
||||||
|
|
||||||
### Unreleased
|
### Unreleased
|
||||||
|
|
||||||
|
- [ ] [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs
|
||||||
|
|
||||||
### 3.27.0
|
### 3.27.0
|
||||||
|
|
||||||
- Update ingress-nginx v0.45.0
|
- Update ingress-nginx v0.45.0
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||||
name: ingress-nginx
|
name: ingress-nginx
|
||||||
# When the version is modified, make sure the artifacthub.io/changes list is updated
|
# When the version is modified, make sure the artifacthub.io/changes list is updated
|
||||||
# Also update CHANGELOG.md
|
# Also update CHANGELOG.md
|
||||||
version: 3.27.0
|
version: 3.28.0
|
||||||
appVersion: 0.45.0
|
appVersion: 0.45.0
|
||||||
home: https://github.com/kubernetes/ingress-nginx
|
home: https://github.com/kubernetes/ingress-nginx
|
||||||
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
|
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,10 @@ rules:
|
||||||
resources: ['podsecuritypolicies']
|
resources: ['podsecuritypolicies']
|
||||||
verbs: ['use']
|
verbs: ['use']
|
||||||
resourceNames:
|
resourceNames:
|
||||||
|
{{- with .Values.controller.admissionWebhooks.existingPsp }}
|
||||||
|
- {{ . }}
|
||||||
|
{{- else }}
|
||||||
- {{ include "ingress-nginx.fullname" . }}-admission
|
- {{ include "ingress-nginx.fullname" . }}-admission
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled -}}
|
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}}
|
||||||
apiVersion: policy/v1beta1
|
apiVersion: policy/v1beta1
|
||||||
kind: PodSecurityPolicy
|
kind: PodSecurityPolicy
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
{{- if .Values.podSecurityPolicy.enabled -}}
|
{{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}}
|
||||||
apiVersion: policy/v1beta1
|
apiVersion: policy/v1beta1
|
||||||
kind: PodSecurityPolicy
|
kind: PodSecurityPolicy
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
||||||
|
|
@ -82,6 +82,10 @@ rules:
|
||||||
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
|
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
|
||||||
resources: ['podsecuritypolicies']
|
resources: ['podsecuritypolicies']
|
||||||
verbs: ['use']
|
verbs: ['use']
|
||||||
|
{{- with .Values.controller.existingPsp }}
|
||||||
|
resourceNames: [{{ . }}]
|
||||||
|
{{- else }}
|
||||||
resourceNames: [{{ include "ingress-nginx.fullname" . }}]
|
resourceNames: [{{ include "ingress-nginx.fullname" . }}]
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
|
{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}}
|
||||||
apiVersion: policy/v1beta1
|
apiVersion: policy/v1beta1
|
||||||
kind: PodSecurityPolicy
|
kind: PodSecurityPolicy
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
||||||
|
|
@ -10,5 +10,9 @@ rules:
|
||||||
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
|
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
|
||||||
resources: ['podsecuritypolicies']
|
resources: ['podsecuritypolicies']
|
||||||
verbs: ['use']
|
verbs: ['use']
|
||||||
|
{{- with .Values.defaultBackend.existingPsp }}
|
||||||
|
resourceNames: [{{ . }}]
|
||||||
|
{{- else }}
|
||||||
resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend]
|
resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend]
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,9 @@ controller:
|
||||||
runAsUser: 101
|
runAsUser: 101
|
||||||
allowPrivilegeEscalation: true
|
allowPrivilegeEscalation: true
|
||||||
|
|
||||||
|
# Use an existing PSP instead of creating one
|
||||||
|
existingPsp: ""
|
||||||
|
|
||||||
# Configures the ports the nginx-controller listens on
|
# Configures the ports the nginx-controller listens on
|
||||||
containerPort:
|
containerPort:
|
||||||
http: 80
|
http: 80
|
||||||
|
|
@ -473,6 +476,9 @@ controller:
|
||||||
namespaceSelector: {}
|
namespaceSelector: {}
|
||||||
objectSelector: {}
|
objectSelector: {}
|
||||||
|
|
||||||
|
# Use an existing PSP instead of creating one
|
||||||
|
existingPsp: ""
|
||||||
|
|
||||||
service:
|
service:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
# clusterIP: ""
|
# clusterIP: ""
|
||||||
|
|
@ -609,6 +615,9 @@ defaultBackend:
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
|
||||||
|
# Use an existing PSP instead of creating one
|
||||||
|
existingPsp: ""
|
||||||
|
|
||||||
extraArgs: {}
|
extraArgs: {}
|
||||||
|
|
||||||
serviceAccount:
|
serviceAccount:
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue