Make PodSecurityPolicy name unique in k8s cluster when rbac.limit_to_namespace is true (#224)

- allows having multiple Pulsar clusters in different K8S namespaces but having the same helm release name
  - PodSecurityPolicy is a cluster-level-resource and name would collide without this change

Author: frankjkelly

Diff for: charts/pulsar/Chart.yaml

@@ -21,7 +21,7 @@ apiVersion: v2
 appVersion: "2.7.4"
 description: Apache Pulsar Helm chart for Kubernetes
 name: pulsar
-version: 2.7.10
+version: 2.7.11
 home: https://pulsar.apache.org
 sources:
 - https://github.com/apache/pulsar

Diff for: charts/pulsar/templates/autorecovery-rbac.yaml

@@ -59,8 +59,11 @@ subjects:
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
+{{- if .Values.rbac.limit_to_namespace }}
+  name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}-{{ template "pulsar.namespace" . }}"
+{{- else}}
   name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
-  namespace: {{ template "pulsar.namespace" . }}
+{{- end}}
 spec:
   readOnlyRootFilesystem: false
   privileged: false

Diff for: charts/pulsar/templates/bookkeeper-rbac.yaml

@@ -59,8 +59,11 @@ subjects:
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
+{{- if .Values.rbac.limit_to_namespace }}
+  name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ template "pulsar.namespace" . }}"
+{{- else}}
   name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
-  namespace: {{ template "pulsar.namespace" . }}
+{{- end}}
 spec:
   readOnlyRootFilesystem: false
   privileged: false

Diff for: charts/pulsar/templates/broker-rbac.yaml

@@ -97,8 +97,11 @@ subjects:
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
+{{- if .Values.rbac.limit_to_namespace }}
+  name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-{{ template "pulsar.namespace" . }}"
+{{- else}}
   name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
-  namespace: {{ template "pulsar.namespace" . }}
+{{- end}}
 spec:
   readOnlyRootFilesystem: false
   privileged: false

Diff for: charts/pulsar/templates/proxy-rbac.yaml

@@ -59,8 +59,11 @@ subjects:
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
+{{- if .Values.rbac.limit_to_namespace }}
+  name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-{{ template "pulsar.namespace" . }}"
+{{- else}}
   name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
-  namespace: {{ template "pulsar.namespace" . }}
+{{- end}}
 spec:
   readOnlyRootFilesystem: false
   privileged: false

Diff for: charts/pulsar/templates/toolset-rbac.yaml

@@ -59,8 +59,11 @@ subjects:
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
+{{- if .Values.rbac.limit_to_namespace }}
+  name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-{{ template "pulsar.namespace" . }}"
+{{- else}}
   name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
-  namespace: {{ template "pulsar.namespace" . }}
+{{- end}}
 spec:
   readOnlyRootFilesystem: false
   privileged: false

Diff for: charts/pulsar/templates/zookeeper-rbac.yaml

@@ -59,8 +59,11 @@ subjects:
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
-  name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
-  namespace: {{ template "pulsar.namespace" . }}
+{{- if .Values.rbac.limit_to_namespace }}
+  name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ template "pulsar.namespace" . }}"
+{{- else}}
+  name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" 
+{{- end}}
 spec:
   readOnlyRootFilesystem: false
   privileged: false