Merge pull request #1070 from ArthurSens/as/psp-respect-common-ns
Psp should be deployed at the same namespace as kube-prometheus stack
This commit is contained in:
Paweł Krupa
GitHub
@@ -59,6 +59,7 @@ local restrictedPodSecurityPolicy = {
|
|||||||
kind: 'Role',
|
kind: 'Role',
|
||||||
metadata: {
|
metadata: {
|
||||||
name: 'alertmanager-' + $.values.alertmanager.name,
|
name: 'alertmanager-' + $.values.alertmanager.name,
|
||||||
|
namespace: $.values.common.namespace,
|
||||||
},
|
},
|
||||||
rules: [{
|
rules: [{
|
||||||
apiGroups: ['policy'],
|
apiGroups: ['policy'],
|
||||||
@@ -73,6 +74,7 @@ local restrictedPodSecurityPolicy = {
|
|||||||
kind: 'RoleBinding',
|
kind: 'RoleBinding',
|
||||||
metadata: {
|
metadata: {
|
||||||
name: 'alertmanager-' + $.values.alertmanager.name,
|
name: 'alertmanager-' + $.values.alertmanager.name,
|
||||||
|
namespace: $.values.common.namespace,
|
||||||
},
|
},
|
||||||
roleRef: {
|
roleRef: {
|
||||||
apiGroup: 'rbac.authorization.k8s.io',
|
apiGroup: 'rbac.authorization.k8s.io',
|
||||||
@@ -126,6 +128,7 @@ local restrictedPodSecurityPolicy = {
|
|||||||
kind: 'Role',
|
kind: 'Role',
|
||||||
metadata: {
|
metadata: {
|
||||||
name: 'grafana',
|
name: 'grafana',
|
||||||
|
namespace: $.values.common.namespace,
|
||||||
},
|
},
|
||||||
rules: [{
|
rules: [{
|
||||||
apiGroups: ['policy'],
|
apiGroups: ['policy'],
|
||||||
@@ -140,6 +143,7 @@ local restrictedPodSecurityPolicy = {
|
|||||||
kind: 'RoleBinding',
|
kind: 'RoleBinding',
|
||||||
metadata: {
|
metadata: {
|
||||||
name: 'grafana',
|
name: 'grafana',
|
||||||
|
namespace: $.values.common.namespace,
|
||||||
},
|
},
|
||||||
roleRef: {
|
roleRef: {
|
||||||
apiGroup: 'rbac.authorization.k8s.io',
|
apiGroup: 'rbac.authorization.k8s.io',
|
||||||
|
|||||||
Reference in New Issue
Block a user