From 3ea928664289cdc8a2f95daf87e6ceafe4fdac16 Mon Sep 17 00:00:00 2001
From: Geet Samra <amangeet.samra@suse.com>
Date: Mon, 19 Dec 2022 18:01:15 -0800
Subject: [PATCH] psp changes for kube-state-metrics

---
 .../templates/podsecuritypolicy.yaml.patch    | 15 +++++++++++++++
 .../templates/psp-clusterrole.yaml.patch      | 19 +++++++++++++++++++
 2 files changed, 34 insertions(+)
 create mode 100644 packages/rancher-monitoring/rancher-kube-state-metrics/generated-changes/patch/templates/podsecuritypolicy.yaml.patch
 create mode 100644 packages/rancher-monitoring/rancher-kube-state-metrics/generated-changes/patch/templates/psp-clusterrole.yaml.patch

diff --git a/packages/rancher-monitoring/rancher-kube-state-metrics/generated-changes/patch/templates/podsecuritypolicy.yaml.patch b/packages/rancher-monitoring/rancher-kube-state-metrics/generated-changes/patch/templates/podsecuritypolicy.yaml.patch
new file mode 100644
index 000000000..0b7934c11
--- /dev/null
+++ b/packages/rancher-monitoring/rancher-kube-state-metrics/generated-changes/patch/templates/podsecuritypolicy.yaml.patch
@@ -0,0 +1,15 @@
+--- charts-original/templates/podsecuritypolicy.yaml
++++ charts/templates/podsecuritypolicy.yaml
+@@ -1,3 +1,4 @@
++{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+ {{- if .Values.podSecurityPolicy.enabled }}
+ apiVersion: policy/v1beta1
+ kind: PodSecurityPolicy
+@@ -36,4 +37,5 @@
+       - min: 1
+         max: 65535
+   readOnlyRootFilesystem: false
+-{{- end }}
++{{- end }}
++{{- end }}
+\ No newline at end of file
diff --git a/packages/rancher-monitoring/rancher-kube-state-metrics/generated-changes/patch/templates/psp-clusterrole.yaml.patch b/packages/rancher-monitoring/rancher-kube-state-metrics/generated-changes/patch/templates/psp-clusterrole.yaml.patch
new file mode 100644
index 000000000..e5e8c45f8
--- /dev/null
+++ b/packages/rancher-monitoring/rancher-kube-state-metrics/generated-changes/patch/templates/psp-clusterrole.yaml.patch
@@ -0,0 +1,19 @@
+--- charts-original/templates/psp-clusterrole.yaml
++++ charts/templates/psp-clusterrole.yaml
+@@ -8,12 +8,16 @@
+ rules:
+ {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+ {{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
++{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+ - apiGroups: ['policy']
++{{- end }}
+ {{- else }}
+ - apiGroups: ['extensions']
+ {{- end }}
++{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+   resources: ['podsecuritypolicies']
+   verbs:     ['use']
+   resourceNames:
+   - {{ template "kube-state-metrics.fullname" . }}
++{{- end }}
+ {{- end }}