Add pod security policy so botkube works in restricted clusters (#195)

* Update comment to indicate the certificate is used by Mattermost * Lint all-in-one deployment yamls * Add pod security policy so botkube works in restricted clusters
kubeshop · Nov 12, 2019 · 32a4603 · 32a4603
1 parent 36aeb82
commit 32a4603
Show file tree

Hide file tree

Showing 5 changed files with 82 additions and 50 deletions.
diff --git a/deploy-all-in-one-tls.yaml b/deploy-all-in-one-tls.yaml
@@ -11,27 +11,27 @@ data:
     ## Resources you want to watch
     resources:
         namespaces:
-          include:  
+          include:
             - all
           ignore:                 # List of namespaces to be ignored (omitempty), used only with include: all
-            -                     # example : include [all], ignore [x,y,z] 
+            -                     # example : include [all], ignore [x,y,z]
         events:                   # List of lifecycle events you want to receive, e.g create, update, delete, error OR all
           - create
           - delete
           - error
       - name: service
         namespaces:
-          include:  
+          include:
             - all
           ignore:
-            - 
+            -
         events:
           - create
           - delete
           - error
       - name: deployment
         namespaces:
-          include:  
+          include:
             - all
           ignore:
             -
@@ -42,7 +42,7 @@ data:
           - error
       - name: statefulset
         namespaces:
-          include:  
+          include:
             - all
           ignore:
             -
@@ -53,7 +53,7 @@ data:
           - error
       - name: ingress
         namespaces:
-          include:  
+          include:
             - all
           ignore:
             -
@@ -63,7 +63,7 @@ data:
           - error
       - name: node
         namespaces:
-          include:  
+          include:
             - all
           ignore:
             -
@@ -73,7 +73,7 @@ data:
           - error
       - name: namespace
         namespaces:
-          include:  
+          include:
             - all
           ignore:
             -
@@ -83,7 +83,7 @@ data:
           - error
       - name: persistentvolume
         namespaces:
-          include:  
+          include:
             - all
           ignore:
             -
@@ -93,7 +93,7 @@ data:
           - error
       - name: persistentvolumeclaim
         namespaces:
-          include:  
+          include:
             - all
           ignore:
             -
@@ -103,7 +103,7 @@ data:
           - error
       - name: secret
         namespaces:
-          include:  
+          include:
             - all
           ignore:
             -
@@ -113,7 +113,7 @@ data:
           - error
       - name: configmap
         namespaces:
-          include:  
+          include:
             - all
           ignore:
             -
@@ -123,7 +123,7 @@ data:
           - error
       - name: daemonset
         namespaces:
-          include:  
+          include:
             - all
           ignore:
             -
@@ -134,7 +134,7 @@ data:
           - error
       - name: job
         namespaces:
-          include:  
+          include:
             - all
           ignore:
             -
@@ -145,7 +145,7 @@ data:
           - error
       - name: role
         namespaces:
-          include:  
+          include:
             - all
           ignore:
             -
@@ -155,7 +155,7 @@ data:
           - error
       - name: rolebinding
         namespaces:
-          include:  
+          include:
             - all
           ignore:
             -
@@ -175,19 +175,19 @@ data:
           - error
       - name: clusterrolebinding
         namespaces:
-          include:  
+          include:
             - all
           ignore:
             -
         events:
           - create
           - delete
           - error
-  
+
     # Check true if you want to receive recommendations
     # about the best practices for the created resource
     recommendations: true
-    
+
     # Channels configuration
     communications:
       # Settings for Slack
@@ -196,7 +196,7 @@ data:
         channel: 'SLACK_CHANNEL'
         token: 'SLACK_API_TOKEN'
         notiftype: short                            # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified)
-      
+
       # Settings for Mattermost
       mattermost:
         enabled: false
@@ -205,7 +205,7 @@ data:
         team: 'MATTERMOST_TEAM'                     # Mattermost Team to configure with BotKube
         channel: 'MATTERMOST_CHANNEL'               # Mattermost Channel for receiving BotKube alerts
         notiftype: short                            # Change notification type short/long you want to receive. notiftype is optional and Default notification type is short (if not specified)
-      
+
       # Settings for ELS
       elasticsearch:
         enable: false
@@ -218,13 +218,13 @@ data:
           type: botkube-event
           shards: 1
           replicas: 0
-      
+
       # Settings for Webhook
       webhook:
         enabled: false
         url: 'WEBHOOK_URL'                          # e.g https://example.com:80
 
-  
+
     # Setting to support multiple clusters
     settings:
       # Cluster name to differentiate incoming messages
@@ -272,15 +272,15 @@ subjects:
   name: botkube-sa
   namespace: botkube
 ---
-# Secret
+# Certificate for Mattermost integration: https://www.botkube.io/installation/mattermost/
 apiVersion: v1
 kind: Secret
 metadata:
   name: botkube-secret
   labels:
-    app: botkube 
+    app: botkube
 data:
-  ca-certificates.crt: ENCODED_CERTIFICATE 
+  ca-certificates.crt: ENCODED_CERTIFICATE
 ---
 # deployment
 apiVersion: apps/v1