scottk/wlan-cloud-ucentralgw
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-ucentralgw.git synced 2025-10-29 09:52:27 +00:00
Code Issues Packages Projects Releases 10 Wiki Activity

Merge branch 'master' into feature/wifi-5420--add-sysctl-context

Browse Source 
Signed-off-by: Dmitry Dunaev <dmitry@opsfleet.com>
This commit is contained in:
Dmitry Dunaev
2021-11-18 12:36:49 +03:00
committed by Dmitry Dunaev
parent 87b054f98d b8c0f95bc5
commit f639ea9b39
54 changed files with 1435 additions and 991 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
helm/templates/deployment.yaml
View File

@@ -25,7 +25,7 @@ spec:
annotations:
checksum/config: {{ include "owgw.config" . | sha256sum }}
{{- if .Values.podSecurityPolicy.enabled }}
kubernetes.io/psp: {{ include "owgw.fullname" . }}-{{ .Release.Namespace }}-unsafe-sysctl
kubernetes.io/psp: {{ include "owgw.fullname" . }}-{{ .Release.Namespace }}-owgw-unsafe-sysctl
{{- end }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}

2
helm/templates/psp.yaml
View File

@@ -3,7 +3,7 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "owgw.fullname" . }}-{{ .Release.Namespace }}-unsafe-sysctl
name: {{ include "owgw.fullname" . }}-{{ .Release.Namespace }}-owgw-unsafe-sysctl
labels:
app.kubernetes.io/name: {{ include "owgw.name" . }}
helm.sh/chart: {{ include "owgw.chart" . }}

16
helm/templates/role.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if .Values.podSecurityPolicy.enabled }}
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "owgw.fullname" . }}-owgw-use-unsafe-sysctl
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ include "owgw.fullname" . }}-{{ .Release.Namespace }}-owgw-unsafe-sysctl
{{- end }}

15
helm/templates/rolebinding.yaml Normal file
View File

@@ -0,0 +1,15 @@
{{- if .Values.podSecurityPolicy.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "owgw.fullname" . }}-owgw-use-unsafe-sysctl-to-default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "owgw.fullname" . }}-owgw-use-unsafe-sysctl
subjects:
- kind: ServiceAccount
name: default
namespace: {{ .Release.Namespace }}
{{- end }}