Adding open-appsec-kong helm chart to repo based on kong 2.16.1

2025-10-01 12:07:43 +03:00 · 2023-05-02 14:30:33 +03:00
parent 2c750513a1
commit 240f58217a
132 changed files with 17727 additions and 0 deletions
--- a/build_system/charts/open-appsec-kong/templates/psp.yaml
+++ b/build_system/charts/open-appsec-kong/templates/psp.yaml
@@ -0,0 +1,53 @@
+{{- if and (.Values.podSecurityPolicy.enabled) (.Capabilities.APIVersions.Has "policy/v1beta1") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ template "kong.serviceAccountName" . }}-psp
+  labels:
+    {{- include "kong.metaLabels" . | nindent 4 }}
+  {{- with .Values.podSecurityPolicy.labels }}
+  {{- range $key, $value := . }}
+    {{ $key }}: {{ $value }}
+  {{- end }}
+  {{- end }}
+  {{- with .Values.podSecurityPolicy.annotations }}
+  annotations:
+  {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
+  {{- end }}
+spec:
+{{ .Values.podSecurityPolicy.spec | toYaml | indent 2 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "kong.serviceAccountName" . }}-psp
+  labels:
+    {{- include "kong.metaLabels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - policy
+    resources:
+      - podsecuritypolicies
+    verbs:
+      - use
+    resourceNames:
+      - {{ template "kong.serviceAccountName" . }}-psp
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "kong.serviceAccountName" . }}-psp
+  namespace: {{ template "kong.namespace" . }}
+  labels:
+    {{- include "kong.metaLabels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "kong.serviceAccountName" . }}
+    namespace: {{ template "kong.namespace" . }}
+roleRef:
+  kind: ClusterRole
+  name: {{ template "kong.serviceAccountName" . }}-psp
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}