Add psp.enabled field to disable PSP objects
Signed-off-by: Tamal Saha <[email protected]>
tamalsaha committed Oct 12, 2023
1 parent e3a6603 commit da0f398
Showing 28 changed files with 84 additions and 14 deletions.
1 change: 1 addition & 0 deletions apis/installer/v1alpha1/kubedb_catalog_types.go
Expand Up @@ -84,6 +84,7 @@ type Catalog struct {
}

type PSP struct {
Enabled bool `json:"enabled"`
//+optional
Elasticsearch PSPElasticsearch `json:"elasticsearch"`
//+optional
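Review bot: The new `Enabled` field in `PSP` has no doc comment and no `+optional` marker, unlike the fields after it, and as a plain `bool` it decodes to `false` when the key is absent while charts/kubedb-catalog/values.yaml sets `enabled: true`. Any Go caller that fills this struct without setting the field would therefore, presumably, render the chart with the PodSecurityPolicy objects switched off. I would at least state that on the field: `// Enabled controls whether PodSecurityPolicy objects are rendered. The chart default is true; the Go zero value is false.` The same applies to `PSPSpec.Enabled` in apis/installer/v1alpha1/types.go, where the type itself is also undocumented. The `PSP` struct continues past the end of this hunk.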
1 change: 1 addition & 0 deletions apis/installer/v1alpha1/kubedb_ops_manager_types.go
Expand Up @@ -81,6 +81,7 @@ type KubedbOpsManagerSpec struct {
LicenseSecretName string `json:"licenseSecretName"`
// +optional
RecommendationEngine RecommendationEngineConfig `json:"recommendationEngine"`
Psp PSPSpec `json:"psp"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
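Review bot: The added field is spelled `Psp` while its type is `PSPSpec` and the catalog type is `PSP`; Go keeps initialisms in one case, so the field would read consistently as `PSP PSPSpec` with the same `json:"psp"` tag. Unlike `RecommendationEngine` just above it, the new field carries no `// +optional` marker or comment, which is presumably why the generated schema now lists `psp` as required. The same field is added to `KubedbProvisionerSpec` in kubedb_provisioner_types.go. `KubedbOpsManagerSpec` starts above this hunk.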
3 changes: 2 additions & 1 deletion apis/installer/v1alpha1/kubedb_provisioner_types.go
Expand Up @@ -82,7 +82,8 @@ type KubedbProvisionerSpec struct {
// +optional
License string `json:"license"`
// +optional
LicenseSecretName string `json:"licenseSecretName"`
LicenseSecretName string `json:"licenseSecretName"`
Psp PSPSpec `json:"psp"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
3 changes: 3 additions & 0 deletions apis/installer/v1alpha1/types.go
Expand Up @@ -96,3 +96,6 @@ type EASMonitoring struct {
Agent MonitoringAgent `json:"agent"`
ServiceMonitor ServiceMonitorLabels `json:"serviceMonitor"`
}
type PSPSpec struct {
Enabled bool `json:"enabled"`
}
18 changes: 18 additions & 0 deletions apis/installer/v1alpha1/zz_generated.deepcopy.go


1 change: 1 addition & 0 deletions charts/kubedb-catalog/README.md
Expand Up @@ -64,6 +64,7 @@ The following table lists the configurable parameters of the `kubedb-catalog` ch
| catalog.proxysql | If true, deploys ProxySQL version catalog | <code>true</code> |
| catalog.redis | If true, deploys Redis version catalog | <code>true</code> |
| catalog.kafka | | <code>true</code> |
| psp.enabled | | <code>true</code> |
| psp.elasticsearch.allowPrivilegeEscalation | | <code>true</code> |
| psp.elasticsearch.privileged | | <code>true</code> |
| psp.mariadb.allowPrivilegeEscalation | | <code>false</code> |
@@ -1,4 +1,4 @@
{{ if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.elasticsearch }}
{{ if and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.elasticsearch }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
2 changes: 1 addition & 1 deletion charts/kubedb-catalog/templates/kafka/kafka-psp.yaml
@@ -1,4 +1,4 @@
{{ if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.kafka }}
{{ if and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.kafka }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
2 changes: 1 addition & 1 deletion charts/kubedb-catalog/templates/mariadb/mariadb-psp.yaml
@@ -1,4 +1,4 @@
{{ if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.mariadb }}
{{ if and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.mariadb }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
@@ -1,4 +1,4 @@
{{ if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.memcached }}
{{ if and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.memcached }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
2 changes: 1 addition & 1 deletion charts/kubedb-catalog/templates/mongodb/mongodb-psp.yaml
@@ -1,4 +1,4 @@
{{ if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.mongodb }}
{{ if and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.mongodb }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
2 changes: 1 addition & 1 deletion charts/kubedb-catalog/templates/mysql/mysql-psp.yaml
@@ -1,4 +1,4 @@
{{ if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.mysql }}
{{ if and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.mysql }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
@@ -1,4 +1,4 @@
{{ if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.perconaxtradb }}
{{ if and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.perconaxtradb }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
2 changes: 1 addition & 1 deletion charts/kubedb-catalog/templates/postgres/postgres-psp.yaml
@@ -1,4 +1,4 @@
{{ if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.postgres }}
{{ if and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.postgres }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
2 changes: 1 addition & 1 deletion charts/kubedb-catalog/templates/proxysql/proxysql-psp.yaml
@@ -1,4 +1,4 @@
{{ if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.proxysql }}
{{ if and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.proxysql }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
2 changes: 1 addition & 1 deletion charts/kubedb-catalog/templates/redis/redis-psp.yaml
@@ -1,4 +1,4 @@
{{ if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.redis }}
{{ if and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.catalog.redis }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
3 changes: 3 additions & 0 deletions charts/kubedb-catalog/values.openapiv3_schema.yaml
Expand Up @@ -52,6 +52,8 @@ properties:
- allowPrivilegeEscalation
- privileged
type: object
enabled:
type: boolean
kafka:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -143,6 +145,7 @@ properties:
- privileged
type: object
required:
- enabled
- kafka
type: object
registryFQDN:
1 change: 1 addition & 0 deletions charts/kubedb-catalog/values.yaml
Expand Up @@ -45,6 +45,7 @@ catalog:
kafka: true

psp:
enabled: true
elasticsearch:
allowPrivilegeEscalation: true
privileged: true
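Review bot: `psp.enabled` is added without a comment, and the README rows for it have an empty description, so nothing tells an operator that `false` removes every PodSecurityPolicy the chart would otherwise install. A comment above the key would cover it, e.g. `# If true, installs PodSecurityPolicy objects for the enabled catalogs (only on clusters that still serve policy/v1beta1).` The same key is added uncommented in charts/kubedb-ops-manager/values.yaml and charts/kubedb-provisioner/values.yaml.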
1 change: 1 addition & 0 deletions charts/kubedb-ops-manager/README.md
Expand Up @@ -82,6 +82,7 @@ The following table lists the configurable parameters of the `kubedb-ops-manager
| recommendationEngine.genRotateTLSRecommendationBeforeExpiryYear | Rotate TLS recommendation will be generated before given year of expiration. It also depends on gen-rotate-tls-recommendation-before-expiry-month and gen-rotate-tls-recommendation-before-expiry-year. Default values are 0(zero) for gen-rotate-tls-recommendation-before-expiry-year, 1(one) for gen-rotate-tls-recommendation-before-expiry-month, 0(zero) for gen-rotate-tls-recommendation-before-expiry-day flags. | <code>0</code> |
| recommendationEngine.genRotateTLSRecommendationBeforeExpiryMonth | Rotate TLS recommendation will be generated before given month of expiration. It also depends on gen-rotate-tls-recommendation-before-expiry-year and gen-rotate-tls-recommendation-before-expiry-day flag. By default it is set as 1(one). | <code>1</code> |
| recommendationEngine.genRotateTLSRecommendationBeforeExpiryDay | Rotate TLS recommendation will be generated before given day of expiration. It also depends on gen-rotate-tls-recommendation-before-expiry-year and gen-rotate-tls-recommendation-before-expiry-month flag. By default it is set as 0(zero). | <code>0</code> |
| psp.enabled | | <code>true</code> |


Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
2 changes: 1 addition & 1 deletion charts/kubedb-ops-manager/templates/operator-psp.yaml
@@ -1,4 +1,4 @@
{{ if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
{{ if and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
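Review bot: `.Values.psp.enabled` is dereferenced directly in the new condition on line 1, and `psp` is a key this commit introduces for the chart, so values that predate it have no `psp` map. An upgrade that reuses stored release values (for example `helm upgrade --reuse-values`) would then, as far as I can tell, fail to render with a nil-pointer error rather than keep the policy. Either document that `psp.enabled` must be set explicitly on upgrade, or resolve the map first with `{{ $psp := .Values.psp | default dict }}` and test `$psp.enabled`, deciding deliberately whether a missing key means enabled. charts/kubedb-provisioner/templates/operator-psp.yaml has the same condition.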
8 changes: 8 additions & 0 deletions charts/kubedb-ops-manager/values.openapiv3_schema.yaml
Expand Up @@ -1169,6 +1169,13 @@ properties:
type: string
type: object
type: object
psp:
properties:
enabled:
type: boolean
required:
- enabled
type: object
recommendationEngine:
properties:
genRotateTLSRecommendationBeforeExpiryDay:
Expand Down Expand Up @@ -1246,6 +1253,7 @@ required:
- insecureRegistries
- monitoring
- operator
- psp
- registryFQDN
- replicaCount
- serviceAccount
2 changes: 2 additions & 0 deletions charts/kubedb-ops-manager/values.yaml
Expand Up @@ -125,3 +125,5 @@ recommendationEngine:
# It also depends on gen-rotate-tls-recommendation-before-expiry-year and gen-rotate-tls-recommendation-before-expiry-month flag.
# By default it is set as 0(zero).
genRotateTLSRecommendationBeforeExpiryDay: 0
psp:
enabled: true
1 change: 1 addition & 0 deletions charts/kubedb-provisioner/README.md
Expand Up @@ -80,6 +80,7 @@ The following table lists the configurable parameters of the `kubedb-provisioner
| monitoring.agent | Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") | <code>""</code> |
| monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`. | <code>{}</code> |
| additionalPodSecurityPolicies | Additional psp names passed to operator <br> Example: <br> `helm template ./chart/kubedb \` <br> `--set additionalPodSecurityPolicies[0]=abc \` <br> `--set additionalPodSecurityPolicies[1]=xyz` | <code>[]</code> |
| psp.enabled | | <code>true</code> |


Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
2 changes: 1 addition & 1 deletion charts/kubedb-provisioner/templates/operator-psp.yaml
@@ -1,4 +1,4 @@
{{ if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
{{ if and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
8 changes: 8 additions & 0 deletions charts/kubedb-provisioner/values.openapiv3_schema.yaml
Expand Up @@ -1175,6 +1175,13 @@ properties:
type: string
type: object
type: object
psp:
properties:
enabled:
type: boolean
required:
- enabled
type: object
registryFQDN:
type: string
replicaCount:
Expand Down Expand Up @@ -1236,6 +1243,7 @@ required:
- insecureRegistries
- monitoring
- operator
- psp
- registryFQDN
- replicaCount
- serviceAccount
2 changes: 2 additions & 0 deletions charts/kubedb-provisioner/values.yaml
Expand Up @@ -115,3 +115,5 @@ monitoring:
# --set additionalPodSecurityPolicies[0]=abc \
# --set additionalPodSecurityPolicies[1]=xyz
additionalPodSecurityPolicies: []
psp:
enabled: true
19 changes: 19 additions & 0 deletions charts/kubedb/values.openapiv3_schema.yaml
Expand Up @@ -1397,6 +1397,8 @@ properties:
- allowPrivilegeEscalation
- privileged
type: object
enabled:
type: boolean
kafka:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -1488,6 +1490,7 @@ properties:
- privileged
type: object
required:
- enabled
- kafka
type: object
registryFQDN:
Expand Down Expand Up @@ -3989,6 +3992,13 @@ properties:
type: string
type: object
type: object
psp:
properties:
enabled:
type: boolean
required:
- enabled
type: object
recommendationEngine:
properties:
genRotateTLSRecommendationBeforeExpiryDay:
Expand Down Expand Up @@ -4068,6 +4078,7 @@ properties:
- insecureRegistries
- monitoring
- operator
- psp
- registryFQDN
- replicaCount
- serviceAccount
Expand Down Expand Up @@ -5286,6 +5297,13 @@ properties:
type: string
type: object
type: object
psp:
properties:
enabled:
type: boolean
required:
- enabled
type: object
registryFQDN:
type: string
replicaCount:
Expand Down Expand Up @@ -5349,6 +5367,7 @@ properties:
- insecureRegistries
- monitoring
- operator
- psp
- registryFQDN
- replicaCount
- serviceAccount
2 changes: 1 addition & 1 deletion hack/fmt/templates/psp.yaml
@@ -1,4 +1,4 @@
{{"{{ if and (.Capabilities.APIVersions.Has \"policy/v1beta1/PodSecurityPolicy\") .Values.catalog."}}{{ .key }}{{" }}"}}
{{"{{ if and .Values.psp.enabled (.Capabilities.APIVersions.Has \"policy/v1beta1/PodSecurityPolicy\") .Values.catalog."}}{{ .key }}{{" }}"}}
apiVersion: {{ .object.apiVersion }}
kind: {{ .object.kind }}
metadata:
