author | Andreas Geissler <andreas-geissler@telekom.de> | 2024-02-28 16:08:06 +0100 |
---|---|---|
committer | Andreas Geissler <andreas-geissler@telekom.de> | 2024-03-07 08:33:07 +0100 |
commit | cde4a784a593555c17146635dcc25013872cabc5 (patch) | |
tree | ebe7bdf5f2bf48bfb023ad8b1a97c4aed6b3e310 /kubernetes/common/mongodb/templates/psp.yaml | |
parent | 4753743f0743a6b22f69e718c3cdb4ba8843cea6 (diff) |
[MONGODB] Update to latest bitnami mongodb chart
Import the latest bitnami mongodb chart and update the
client charts, which use it:
- NBI
- DCAEGEN2/TCAEGEN2 (include Chart.yaml fix)
- MULTICLOUD/K8S
The new version supports the initial creation of DBs and user
Issue-ID: OOM-3277
Change-Id: I75a475aadb8b84a313527b75f4c69e85624af8ba
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Diffstat (limited to 'kubernetes/common/mongodb/templates/psp.yaml')
-rw-r--r-- | kubernetes/common/mongodb/templates/psp.yaml | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/kubernetes/common/mongodb/templates/psp.yaml b/kubernetes/common/mongodb/templates/psp.yaml new file mode 100644 index 0000000000..61c452b48b --- /dev/null +++ b/kubernetes/common/mongodb/templates/psp.yaml @@ -0,0 +1,51 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (include "common.capabilities.psp.supported" .) .Values.podSecurityPolicy.create }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: +{{- if .Values.podSecurityPolicy.spec }} +{{ include "common.tplvalues.render" ( dict "value" .Values.podSecurityPolicy.spec "context" $ ) | nindent 2 }} +{{- else }} + allowPrivilegeEscalation: {{ .Values.podSecurityPolicy.allowPrivilegeEscalation }} + fsGroup: + rule: 'MustRunAs' + ranges: + - min: {{ .Values.podSecurityContext.fsGroup }} + max: {{ .Values.podSecurityContext.fsGroup }} + hostIPC: false + hostNetwork: false + hostPID: false + privileged: {{ .Values.podSecurityPolicy.privileged }} + readOnlyRootFilesystem: false + requiredDropCapabilities: + - ALL + runAsUser: + rule: 'MustRunAs' + ranges: + - min: {{ .Values.containerSecurityContext.runAsUser }} + max: {{ .Values.containerSecurityContext.runAsUser }} + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: {{ .Values.containerSecurityContext.runAsUser }} + max: {{ .Values.containerSecurityContext.runAsUser }} + volumes: + - 'configMap' + - 'secret' + - 'emptyDir' + - 'persistentVolumeClaim' +{{- end }} +{{- end }} |
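Review bot: In the default spec (the `else` branch), the `supplementalGroups` range is bounded by `.Values.containerSecurityContext.runAsUser`, which is a UID, while the `fsGroup` range a few lines above uses `.Values.podSecurityContext.fsGroup`. If the two values differ, the policy permits a supplemental group that matches the user ID rather than the pod's group; consider bounding it with `.Values.podSecurityContext.fsGroup`, or add a template comment saying the UID is intended. In the same branch, `privileged` and `allowPrivilegeEscalation` are rendered straight from `.Values.podSecurityPolicy` with no fallback, so the policy's strictness depends entirely on values that are not visible in this file; confirm the chart's values.yaml sets both to `false`, or guard them with `| default false`. Also note that when `.Values.podSecurityPolicy.spec` is set, the whole spec is replaced, including `requiredDropCapabilities: ALL` and the `hostIPC`/`hostNetwork`/`hostPID: false` lines, which deserves a line of documentation for client charts that override it.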