mirrors/kube-prometheus
1
0
Fork 0
mirror of https://github.com/prometheus-operator/kube-prometheus.git synced 2025-11-08 03:51:02 +01:00
Code Issues Projects Releases Wiki Activity

PodSecurityPolicy uses role instead of clusterRole where posible

Browse Source 
Signed-off-by: ArthurSens <arthursens2005@gmail.com>
This commit is contained in:
ArthurSens 2021-03-25 20:59:49 +00:00
parent 6497d78f2c
commit c9b52c97f5
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet
View File

@ -2,7 +2,7 @@ local restrictedPodSecurityPolicy = {
apiVersion: 'policy/v1beta1', apiVersion: 'policy/v1beta1',
kind: 'PodSecurityPolicy', kind: 'PodSecurityPolicy',
metadata: { metadata: {
name: 'restricted', name: 'kube-prometheus-restricted',
}, },
spec: { spec: {
privileged: false, privileged: false,
@ -54,9 +54,9 @@ local restrictedPodSecurityPolicy = {
restrictedPodSecurityPolicy: restrictedPodSecurityPolicy, restrictedPodSecurityPolicy: restrictedPodSecurityPolicy,
alertmanager+: { alertmanager+: {
clusterRole: { role: {
apiVersion: 'rbac.authorization.k8s.io/v1', apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole', kind: 'Role',
metadata: { metadata: {
name: 'alertmanager-' + $.values.alertmanager.name, name: 'alertmanager-' + $.values.alertmanager.name,
}, },
@ -68,15 +68,15 @@ local restrictedPodSecurityPolicy = {
}], }],
}, },
clusterRoleBinding: { roleBinding: {
apiVersion: 'rbac.authorization.k8s.io/v1', apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRoleBinding', kind: 'RoleBinding',
metadata: { metadata: {
name: 'alertmanager-' + $.values.alertmanager.name, name: 'alertmanager-' + $.values.alertmanager.name,
}, },
roleRef: { roleRef: {
apiGroup: 'rbac.authorization.k8s.io', apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole', kind: 'Role',
name: 'alertmanager-' + $.values.alertmanager.name, name: 'alertmanager-' + $.values.alertmanager.name,
}, },
subjects: [{ subjects: [{
@ -121,9 +121,9 @@ local restrictedPodSecurityPolicy = {
}, },
grafana+: { grafana+: {
clusterRole: { role: {
apiVersion: 'rbac.authorization.k8s.io/v1', apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole', kind: 'Role',
metadata: { metadata: {
name: 'grafana', name: 'grafana',
}, },
@ -135,15 +135,15 @@ local restrictedPodSecurityPolicy = {
}], }],
}, },
clusterRoleBinding: { roleBinding: {
apiVersion: 'rbac.authorization.k8s.io/v1', apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRoleBinding', kind: 'RoleBinding',
metadata: { metadata: {
name: 'grafana', name: 'grafana',
}, },
roleRef: { roleRef: {
apiGroup: 'rbac.authorization.k8s.io', apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole', kind: 'Role',
name: 'grafana', name: 'grafana',
}, },
subjects: [{ subjects: [{