Update Kong ingress controller to version 1.4. It fixes the occasional 404 error.

[it/dep.git] / ric-aux / helm / infrastructure / subcharts / kong / templates / psp.yaml

diff --git a/ric-aux/helm/infrastructure/subcharts/kong/templates/psp.yaml b/ric-aux/helm/infrastructure/subcharts/kong/templates/psp.yaml
new file mode 100755 (executable)
index 0000000..a627152
--- /dev/null
+++ b/ric-aux/helm/infrastructure/subcharts/kong/templates/psp.yaml
@@ -0,0 +1,60 @@
+{{- if .Values.podSecurityPolicy.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ template "kong.serviceAccountName" . }}-psp
+  labels:
+    {{- include "kong.metaLabels" . | nindent 4 }}
+spec:
+  privileged: false
+  fsGroup:
+    rule: RunAsAny
+  runAsUser:
+    rule: RunAsAny
+  runAsGroup:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  volumes:
+    - 'configMap'
+    - 'secret'
+    - 'emptyDir'
+  allowPrivilegeEscalation: false
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "kong.serviceAccountName" . }}-psp
+  labels:
+    {{- include "kong.metaLabels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - extensions
+    resources:
+      - podsecuritypolicies
+    verbs:
+      - use
+    resourceNames:
+      - {{ template "kong.serviceAccountName" . }}-psp
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "kong.serviceAccountName" . }}-psp
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kong.metaLabels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "kong.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ template "kong.serviceAccountName" . }}-psp
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}