1 {{- if and (.Values.podSecurityPolicy.enabled) }}
2 apiVersion: {{ include "kong.policyVersion" . }}
3 kind: PodSecurityPolicy
5 name: {{ template "kong.serviceAccountName" . }}-psp
7 {{- include "kong.metaLabels" . | nindent 4 }}
8 {{- with .Values.podSecurityPolicy.labels }}
9 {{- range $key, $value := . }}
10 {{ $key }}: {{ $value }}
13 {{- with .Values.podSecurityPolicy.annotations }}
15 {{- range $key, $value := . }}
16 {{ $key }}: {{ $value | quote }}
20 {{ .Values.podSecurityPolicy.spec | toYaml | indent 2 }}
22 apiVersion: rbac.authorization.k8s.io/v1
25 name: {{ template "kong.serviceAccountName" . }}-psp
27 {{- include "kong.metaLabels" . | nindent 4 }}
36 - {{ template "kong.serviceAccountName" . }}-psp
38 apiVersion: rbac.authorization.k8s.io/v1
39 kind: ClusterRoleBinding
41 name: {{ template "kong.serviceAccountName" . }}-psp
42 namespace: {{ template "kong.namespace" . }}
44 {{- include "kong.metaLabels" . | nindent 4 }}
46 - kind: ServiceAccount
47 name: {{ template "kong.serviceAccountName" . }}
48 namespace: {{ template "kong.namespace" . }}
51 name: {{ template "kong.serviceAccountName" . }}-psp
52 apiGroup: rbac.authorization.k8s.io