apache/pulsar-helm-chart
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make PodSecurityPolicy name unique in k8s cluster when rbac.limit_to_namespace is true (#224)

Browse Source 
- allows having multiple Pulsar clusters in different K8S namespaces but having the same helm release name
  - PodSecurityPolicy is a cluster-level-resource and name would collide without this change
This commit is contained in:
Frank Kelly 2022-02-04 03:41:10 -05:00 committed by GitHub
parent dd0e6d827d
commit 9613ee0292
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 26 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
charts/pulsar/Chart.yaml
View File

@ -21,7 +21,7 @@ apiVersion: v2
appVersion: "2.7.4" appVersion: "2.7.4"
description: Apache Pulsar Helm chart for Kubernetes description: Apache Pulsar Helm chart for Kubernetes
name: pulsar name: pulsar
version: 2.7.10 version: 2.7.11
home: https://pulsar.apache.org home: https://pulsar.apache.org
sources: sources:
- https://github.com/apache/pulsar - https://github.com/apache/pulsar

5
charts/pulsar/templates/autorecovery-rbac.yaml
View File

@ -59,8 +59,11 @@ subjects:
apiVersion: policy/v1beta1 apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
metadata: metadata:
{{- if .Values.rbac.limit_to_namespace }}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}-{{ template "pulsar.namespace" . }}"
{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
namespace: {{ template "pulsar.namespace" . }} {{- end}}
spec: spec:
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
privileged: false privileged: false

5
charts/pulsar/templates/bookkeeper-rbac.yaml
View File

@ -59,8 +59,11 @@ subjects:
apiVersion: policy/v1beta1 apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
metadata: metadata:
{{- if .Values.rbac.limit_to_namespace }}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ template "pulsar.namespace" . }}"
{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
namespace: {{ template "pulsar.namespace" . }} {{- end}}
spec: spec:
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
privileged: false privileged: false

5
charts/pulsar/templates/broker-rbac.yaml
View File

@ -97,8 +97,11 @@ subjects:
apiVersion: policy/v1beta1 apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
metadata: metadata:
{{- if .Values.rbac.limit_to_namespace }}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-{{ template "pulsar.namespace" . }}"
{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
namespace: {{ template "pulsar.namespace" . }} {{- end}}
spec: spec:
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
privileged: false privileged: false

5
charts/pulsar/templates/proxy-rbac.yaml
View File

@ -59,8 +59,11 @@ subjects:
apiVersion: policy/v1beta1 apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
metadata: metadata:
{{- if .Values.rbac.limit_to_namespace }}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-{{ template "pulsar.namespace" . }}"
{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
namespace: {{ template "pulsar.namespace" . }} {{- end}}
spec: spec:
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
privileged: false privileged: false

5
charts/pulsar/templates/toolset-rbac.yaml
View File

@ -59,8 +59,11 @@ subjects:
apiVersion: policy/v1beta1 apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
metadata: metadata:
{{- if .Values.rbac.limit_to_namespace }}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-{{ template "pulsar.namespace" . }}"
{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
namespace: {{ template "pulsar.namespace" . }} {{- end}}
spec: spec:
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
privileged: false privileged: false

7
charts/pulsar/templates/zookeeper-rbac.yaml
View File

@ -59,8 +59,11 @@ subjects:
apiVersion: policy/v1beta1 apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
metadata: metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" {{- if .Values.rbac.limit_to_namespace }}
namespace: {{ template "pulsar.namespace" . }} name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ template "pulsar.namespace" . }}"
{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
{{- end}}
spec: spec:
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
privileged: false privileged: false