add condition to check for PSP capability in rancher-istio

packages/rancher-istio/1.15/rancher-istio/charts/templates/clusterrole.yaml

@@ -122,6 +122,7 @@ rules:
   - serviceaccounts
   verbs:
   - '*'
+{{- if and .Values.global.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 - apiGroups:
   - policy
   resourceNames:
@@ -130,3 +131,4 @@ rules:
   - podsecuritypolicies
   verbs:
   - use
+{{- end }}

packages/rancher-istio/1.15/rancher-istio/charts/templates/istio-cni-psp.yaml

@@ -1,4 +1,5 @@
 {{- if .Values.global.rbac.pspEnabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -48,4 +49,5 @@ rules:
   - podsecuritypolicies
   verbs:
   - use
-{{- end }}
+{{- end }}
+{{- end }}

packages/rancher-istio/1.15/rancher-istio/charts/templates/istio-install-psp.yaml

@@ -1,4 +1,5 @@
 {{- if .Values.global.rbac.pspEnabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -27,4 +28,5 @@ spec:
   volumes:
     - 'configMap'
     - 'secret'
+{{- end }}
 {{- end }}

packages/rancher-istio/1.15/rancher-istio/charts/templates/istio-psp.yaml

@@ -1,4 +1,5 @@
 {{- if .Values.global.rbac.pspEnabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
@@ -78,4 +79,5 @@ spec:
   - secret
   - downwardAPI
   - persistentVolumeClaim
+{{- end }}
 {{- end }}

packages/rancher-istio/1.15/rancher-istio/package.yaml

@@ -1,2 +1,2 @@
 url: local
-version: 101.1.0+up1.15.3
+version: 101.1.1+up1.15.3

release.yaml

@@ -24,6 +24,7 @@ rancher-eks-operator-crd:
 - 101.2.0+up1.2.0-rc2
 rancher-istio:
 - 101.1.0+up1.15.3
+- 101.1.1+up1.15.3
 rancher-logging-crd:
 - 101.1.0+up3.17.10
 rancher-monitoring: