Skip to content

Commit

Permalink
Merge pull request hashicorp#301 from hashicorp/psp-external
Browse files Browse the repository at this point in the history
Update PodSecurityPolicy for exposeGossipPorts
  • Loading branch information
lkysow authored Dec 5, 2019
2 parents 1f8a357 + 96639c2 commit f589822
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 0 deletions.
8 changes: 8 additions & 0 deletions templates/client-podsecuritypolicy.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,16 @@ spec:
- 'downwardAPI'
hostNetwork: false
hostPorts:
# HTTP Port
- min: 8500
max: 8500
# gRPC Port
- min: 8502
max: 8502
{{- if .Values.client.exposeGossipPorts }}
- min: 8301
max: 8301
{{- end }}
hostIPC: false
hostPID: false
runAsUser:
Expand Down
14 changes: 14 additions & 0 deletions test/unit/client-podsecuritypolicy.bats
Original file line number Diff line number Diff line change
Expand Up @@ -31,3 +31,17 @@ load _helpers
yq -s 'length > 0' | tee /dev/stderr)
[ "${actual}" = "true" ]
}

#--------------------------------------------------------------------
# client.exposeGossipPorts

@test "client/PodSecurityPolicy: hostPort 8301 allowed when exposeGossipPorts=true" {
cd `chart_dir`
local actual=$(helm template \
-x templates/client-podsecuritypolicy.yaml \
--set 'global.enablePodSecurityPolicies=true' \
--set 'client.exposeGossipPorts=true' \
. | tee /dev/stderr |
yq -c '.spec.hostPorts' | tee /dev/stderr)
[ "${actual}" = '[{"min":8500,"max":8500},{"min":8502,"max":8502},{"min":8301,"max":8301}]' ]
}

0 comments on commit f589822

Please sign in to comment.