From 83971c5059f7546192d4f7b8994a4f06172d5ea6 Mon Sep 17 00:00:00 2001 From: Ross Georgiev Date: Fri, 23 Sep 2022 11:28:57 +0300 Subject: [PATCH] Install the PSP on Kubernetes 1.24 and earlier only --- .../cbcontainers-operator-chart/templates/operator.yaml | 2 ++ config/rbac/kustomization.yaml | 1 - config/rbac/pod_security_policy.yaml => operator_psp.yaml | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) rename config/rbac/pod_security_policy.yaml => operator_psp.yaml (91%) diff --git a/charts/cbcontainers-operator/cbcontainers-operator-chart/templates/operator.yaml b/charts/cbcontainers-operator/cbcontainers-operator-chart/templates/operator.yaml index ed97aef4..935a785c 100644 --- a/charts/cbcontainers-operator/cbcontainers-operator-chart/templates/operator.yaml +++ b/charts/cbcontainers-operator/cbcontainers-operator-chart/templates/operator.yaml @@ -4496,6 +4496,7 @@ kind: ServiceAccount metadata: name: cbcontainers-operator namespace: cbcontainers-dataplane +{{- if and (eq (int .Capabilities.KubeVersion.Major) 1) (lt (int .Capabilities.KubeVersion.Minor) 25) }} --- apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -4519,6 +4520,7 @@ spec: rule: RunAsAny volumes: - '*' +{{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 28af6490..40dca000 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -12,4 +12,3 @@ resources: - auth_proxy_role.yaml - auth_proxy_role_binding.yaml # - auth_proxy_client_clusterrole.yaml -- pod_security_policy.yaml diff --git a/config/rbac/pod_security_policy.yaml b/operator_psp.yaml similarity index 91% rename from config/rbac/pod_security_policy.yaml rename to operator_psp.yaml index df0782fb..2fdcb8a3 100644 --- a/config/rbac/pod_security_policy.yaml +++ b/operator_psp.yaml @@ -2,7 +2,7 @@ apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: - name: manager-psp + name: cbcontainers-manager-psp spec: privileged: true hostPID: true