Install the PSP on Kubernetes 1.24 and earlier only

octarinesec · Sep 26, 2022 · 83971c5 · 83971c5
1 parent ac2b79a
commit 83971c5
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/charts/cbcontainers-operator/cbcontainers-operator-chart/templates/operator.yaml b/charts/cbcontainers-operator/cbcontainers-operator-chart/templates/operator.yaml
@@ -4496,6 +4496,7 @@ kind: ServiceAccount
 metadata:
   name: cbcontainers-operator
   namespace: cbcontainers-dataplane
+{{- if and (eq (int .Capabilities.KubeVersion.Major) 1) (lt (int .Capabilities.KubeVersion.Minor) 25) }}
 ---
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
@@ -4519,6 +4520,7 @@ spec:
     rule: RunAsAny
   volumes:
   - '*'
+{{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role

diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -12,4 +12,3 @@ resources:
 - auth_proxy_role.yaml
 - auth_proxy_role_binding.yaml
 # - auth_proxy_client_clusterrole.yaml
-- pod_security_policy.yaml
diff --git a/config/rbac/pod_security_policy.yaml → operator_psp.yaml b/config/rbac/pod_security_policy.yaml → operator_psp.yaml
@@ -2,7 +2,7 @@
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
-  name: manager-psp
+  name: cbcontainers-manager-psp
 spec:
   privileged: true
   hostPID: true