helm: added necessary hostPorts in the PodSecurityPolicy (#371)

mvisonneau · web-flow · commit adcb3f679479 · 2021-02-23T16:14:19.000-06:00
When metric/prometheus endpoint is enabled, we currently have an issue as the PodSecurityPolicy does not allow the pod to bind the ports. This change sorts this issue out (#365). Signed-off-by: Maxime VISONNEAU <maxime.visonneau@gmail.com>
diff --git a/config/helm/aws-node-termination-handler/templates/psp.yaml b/config/helm/aws-node-termination-handler/templates/psp.yaml
@@ -12,6 +12,11 @@ spec:
   hostIPC: false
   hostNetwork: {{ .Values.useHostNetwork }} 
   hostPID: false
+{{- if and .Values.rbac.pspEnabled .Values.enablePrometheusServer }}
+  hostPorts:
+  - min: {{ .Values.prometheusServerPort }}
+    max: {{ .Values.prometheusServerPort }}
+{{- end }}
   readOnlyRootFilesystem: false
   allowPrivilegeEscalation: false
   allowedCapabilities:
diff --git a/config/helm/aws-node-termination-handler/test.yaml b/config/helm/aws-node-termination-handler/test.yaml
@@ -122,7 +122,7 @@ windowsNodeSelector: {
 }
 
 enablePrometheusServer: true
-prometheusServerPort: "9092"
+prometheusServerPort: 9092
 
 tolerations:
 - operator: "Exists"
diff --git a/config/helm/aws-node-termination-handler/values.yaml b/config/helm/aws-node-termination-handler/values.yaml
@@ -142,7 +142,7 @@ nodeSelectorTermsOs: ""
 nodeSelectorTermsArch: ""
 
 enablePrometheusServer: false
-prometheusServerPort: "9092"
+prometheusServerPort: 9092
 
 tolerations:
   - operator: "Exists"

Original file line number	Diff line number	Diff line change
`@@ -122,7 +122,7 @@ windowsNodeSelector: {`
`122`	`122`	`}`
`123`	`123`
`124`	`124`	`enablePrometheusServer: true`
`125`		`-prometheusServerPort: "9092"`
	`125`	`+prometheusServerPort: 9092`
`126`	`126`
`127`	`127`	`tolerations:`
`128`	`128`	`- operator: "Exists"`