You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by lh...@apache.org on 2022/02/04 08:41:16 UTC
[pulsar-helm-chart] branch master updated: Make PodSecurityPolicy name unique in k8s cluster when rbac.limit_to_namespace is true (#224)
This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar-helm-chart.git
The following commit(s) were added to refs/heads/master by this push:
new 9613ee0 Make PodSecurityPolicy name unique in k8s cluster when rbac.limit_to_namespace is true (#224)
9613ee0 is described below
commit 9613ee029290a23e512d5f247bef69faa6bf796a
Author: Frank Kelly <62...@users.noreply.github.com>
AuthorDate: Fri Feb 4 03:41:10 2022 -0500
Make PodSecurityPolicy name unique in k8s cluster when rbac.limit_to_namespace is true (#224)
- allows having multiple Pulsar clusters in different K8S namespaces but having the same helm release name
- PodSecurityPolicy is a cluster-level-resource and name would collide without this change
---
charts/pulsar/Chart.yaml | 2 +-
charts/pulsar/templates/autorecovery-rbac.yaml | 5 ++++-
charts/pulsar/templates/bookkeeper-rbac.yaml | 5 ++++-
charts/pulsar/templates/broker-rbac.yaml | 5 ++++-
charts/pulsar/templates/proxy-rbac.yaml | 5 ++++-
charts/pulsar/templates/toolset-rbac.yaml | 5 ++++-
charts/pulsar/templates/zookeeper-rbac.yaml | 7 +++++--
7 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/charts/pulsar/Chart.yaml b/charts/pulsar/Chart.yaml
index 3813fc3..6fdd15f 100644
--- a/charts/pulsar/Chart.yaml
+++ b/charts/pulsar/Chart.yaml
@@ -21,7 +21,7 @@ apiVersion: v2
appVersion: "2.7.4"
description: Apache Pulsar Helm chart for Kubernetes
name: pulsar
-version: 2.7.10
+version: 2.7.11
home: https://pulsar.apache.org
sources:
- https://github.com/apache/pulsar
diff --git a/charts/pulsar/templates/autorecovery-rbac.yaml b/charts/pulsar/templates/autorecovery-rbac.yaml
index 78c0447..6885497 100644
--- a/charts/pulsar/templates/autorecovery-rbac.yaml
+++ b/charts/pulsar/templates/autorecovery-rbac.yaml
@@ -59,8 +59,11 @@ subjects:
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
+{{- if .Values.rbac.limit_to_namespace }}
+ name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}-{{ template "pulsar.namespace" . }}"
+{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
- namespace: {{ template "pulsar.namespace" . }}
+{{- end}}
spec:
readOnlyRootFilesystem: false
privileged: false
diff --git a/charts/pulsar/templates/bookkeeper-rbac.yaml b/charts/pulsar/templates/bookkeeper-rbac.yaml
index 0b7213d..0eaf2f2 100644
--- a/charts/pulsar/templates/bookkeeper-rbac.yaml
+++ b/charts/pulsar/templates/bookkeeper-rbac.yaml
@@ -59,8 +59,11 @@ subjects:
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
+{{- if .Values.rbac.limit_to_namespace }}
+ name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ template "pulsar.namespace" . }}"
+{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
- namespace: {{ template "pulsar.namespace" . }}
+{{- end}}
spec:
readOnlyRootFilesystem: false
privileged: false
diff --git a/charts/pulsar/templates/broker-rbac.yaml b/charts/pulsar/templates/broker-rbac.yaml
index f3f3c00..6654435 100644
--- a/charts/pulsar/templates/broker-rbac.yaml
+++ b/charts/pulsar/templates/broker-rbac.yaml
@@ -97,8 +97,11 @@ subjects:
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
+{{- if .Values.rbac.limit_to_namespace }}
+ name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-{{ template "pulsar.namespace" . }}"
+{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
- namespace: {{ template "pulsar.namespace" . }}
+{{- end}}
spec:
readOnlyRootFilesystem: false
privileged: false
diff --git a/charts/pulsar/templates/proxy-rbac.yaml b/charts/pulsar/templates/proxy-rbac.yaml
index 4b379db..72298ee 100644
--- a/charts/pulsar/templates/proxy-rbac.yaml
+++ b/charts/pulsar/templates/proxy-rbac.yaml
@@ -59,8 +59,11 @@ subjects:
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
+{{- if .Values.rbac.limit_to_namespace }}
+ name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-{{ template "pulsar.namespace" . }}"
+{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
- namespace: {{ template "pulsar.namespace" . }}
+{{- end}}
spec:
readOnlyRootFilesystem: false
privileged: false
diff --git a/charts/pulsar/templates/toolset-rbac.yaml b/charts/pulsar/templates/toolset-rbac.yaml
index ab0f931..c08c6f5 100644
--- a/charts/pulsar/templates/toolset-rbac.yaml
+++ b/charts/pulsar/templates/toolset-rbac.yaml
@@ -59,8 +59,11 @@ subjects:
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
+{{- if .Values.rbac.limit_to_namespace }}
+ name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-{{ template "pulsar.namespace" . }}"
+{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
- namespace: {{ template "pulsar.namespace" . }}
+{{- end}}
spec:
readOnlyRootFilesystem: false
privileged: false
diff --git a/charts/pulsar/templates/zookeeper-rbac.yaml b/charts/pulsar/templates/zookeeper-rbac.yaml
index 4b541a4..23f80f5 100644
--- a/charts/pulsar/templates/zookeeper-rbac.yaml
+++ b/charts/pulsar/templates/zookeeper-rbac.yaml
@@ -59,8 +59,11 @@ subjects:
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
- namespace: {{ template "pulsar.namespace" . }}
+{{- if .Values.rbac.limit_to_namespace }}
+ name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ template "pulsar.namespace" . }}"
+{{- else}}
+ name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
+{{- end}}
spec:
readOnlyRootFilesystem: false
privileged: false