Add helm chart for psp-rolebinding
This commit adds a helm chart that deploys a rolebinding to allow application deployments to a specified namespace after the PodSecurityPolicy plugin is enabled on the Kubernetes cluster. Partial-bug: 1878900 Change-Id: I58270da3596eea536bc5b96a2e8a4d62e4138afc Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
This commit is contained in:
parent
78cacfb0d7
commit
d0c56528d2
@ -0,0 +1,5 @@
|
||||
apiVersion: v1
|
||||
appVersion: "1.0"
|
||||
description: A Helm chart for PSP role bindings
|
||||
name: psp-rolebinding
|
||||
version: 0.1.0
|
@ -0,0 +1,21 @@
|
||||
{{/*
|
||||
#
|
||||
# Copyright (c) 2020 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
*/}}
|
||||
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ .Values.rolebindingNamespace }}-privileged-psp-users
|
||||
namespace: {{ .Values.rolebindingNamespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: privileged-psp-user
|
||||
subjects:
|
||||
- kind: Group
|
||||
name: system:serviceaccounts:{{ .Values.serviceAccount }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
@ -0,0 +1,8 @@
|
||||
#
|
||||
# Copyright (c) 2020 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
|
||||
rolebindingNamespace: default
|
||||
serviceAccount: default
|
Loading…
x
Reference in New Issue
Block a user