Skip to content
This repository has been archived by the owner on May 16, 2023. It is now read-only.

Commit

Permalink
Allow projected volumes in elasticsearch, logstash and metricbeat
Browse files Browse the repository at this point in the history
Allow specification of PodSecurityPolicy in metricbeat/values.yml

Signed-off-by: Karl-Philipp Richter <krichter@posteo.de>
  • Loading branch information
krichter722 committed May 13, 2020
1 parent e299c4d commit d4402df
Show file tree
Hide file tree
Showing 4 changed files with 35 additions and 0 deletions.
1 change: 1 addition & 0 deletions elasticsearch/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,7 @@ podSecurityPolicy:
- secret
- configMap
- persistentVolumeClaim
- projected

persistence:
enabled: true
Expand Down
1 change: 1 addition & 0 deletions logstash/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,7 @@ podSecurityPolicy:
- secret
- configMap
- persistentVolumeClaim
- projected

persistence:
enabled: false
Expand Down
14 changes: 14 additions & 0 deletions metricbeat/templates/podsecuritypolicy.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{{- if .Values.podSecurityPolicy.create -}}
{{- $fullName := include "metricbeat.fullname" . -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ default $fullName .Values.podSecurityPolicy.name | quote }}
labels:
app: "{{ template "metricbeat.fullname" . }}"
chart: "{{ .Chart.Name }}"
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
spec:
{{ toYaml .Values.podSecurityPolicy.spec | indent 2 }}
{{- end -}}
19 changes: 19 additions & 0 deletions metricbeat/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -218,6 +218,25 @@ clusterRoleRules:
- nodes/stats
verbs: ["get"]

podSecurityPolicy:
create: false
name: ""
spec:
privileged: true
fsGroup:
rule: RunAsAny
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- secret
- configMap
- persistentVolumeClaim
- projected

podAnnotations: {}
# iam.amazonaws.com/role: es-cluster

Expand Down

0 comments on commit d4402df

Please sign in to comment.