Make PSPs cluster-scoped

geek-cookbook · Dec 16, 2020 · 772b846 · 772b846
1 parent a8c9a22
commit 772b846
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 2 deletions.
diff --git a/charts/fission-all/Chart.yaml b/charts/fission-all/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: fission-all
-version: 1.8.1-pre22
+version: 1.8.1-pre23
 description: Fission is a fast serverless framework for Kubernetes.
 keywords:
 - fission

diff --git a/charts/fission-all/templates/logger/psp.yaml b/charts/fission-all/templates/logger/psp.yaml
@@ -1,5 +1,6 @@
 {{- if .Values.fluentbit }}
 {{- if .Values.logger.podSecurityPolicy.enabled }}
+{{- if .Values.createClusterResources }}
 
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
@@ -26,5 +27,6 @@ spec:
   - {{ . }}
   {{- end }}
 {{- end }}
+{{- end }}
 {{- end }}  
 {{- end }}
diff --git a/charts/fission-all/values.yaml b/charts/fission-all/values.yaml
@@ -132,9 +132,10 @@ logger:
 
   ## Enable PodSecurityPolicies to allow privileged container
   ## Only required in some clusters and when enableSecurityContext is true
+  # For this to take full effect, createClusterResources must also be enabled (PSPs are cluster-scoped, and can't created by multiple helm charts)
   podSecurityPolicy:
     enabled: false
-   
+
     ## Configure additional capabilities
     additionalCapabilities:
     # example values for linkerd