From 489933f001cddafc372e9d0e9216c62e9092d5bc Mon Sep 17 00:00:00 2001 From: Vaishnav Gaikwad Date: Wed, 14 Dec 2022 16:06:50 +0530 Subject: [PATCH] add condition to check for PSP capability in rancher-istio --- .../1.15/rancher-istio/charts/templates/clusterrole.yaml | 2 ++ .../1.15/rancher-istio/charts/templates/istio-cni-psp.yaml | 4 +++- .../rancher-istio/charts/templates/istio-install-psp.yaml | 2 ++ .../1.15/rancher-istio/charts/templates/istio-psp.yaml | 2 ++ packages/rancher-istio/1.15/rancher-istio/package.yaml | 2 +- release.yaml | 1 + 6 files changed, 11 insertions(+), 2 deletions(-) diff --git a/packages/rancher-istio/1.15/rancher-istio/charts/templates/clusterrole.yaml b/packages/rancher-istio/1.15/rancher-istio/charts/templates/clusterrole.yaml index d8c6b40a4..53d53e033 100644 --- a/packages/rancher-istio/1.15/rancher-istio/charts/templates/clusterrole.yaml +++ b/packages/rancher-istio/1.15/rancher-istio/charts/templates/clusterrole.yaml @@ -122,6 +122,7 @@ rules: - serviceaccounts verbs: - '*' +{{- if and .Values.global.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - apiGroups: - policy resourceNames: @@ -130,3 +131,4 @@ rules: - podsecuritypolicies verbs: - use +{{- end }} diff --git a/packages/rancher-istio/1.15/rancher-istio/charts/templates/istio-cni-psp.yaml b/packages/rancher-istio/1.15/rancher-istio/charts/templates/istio-cni-psp.yaml index 5b94c8503..5daeb0adb 100644 --- a/packages/rancher-istio/1.15/rancher-istio/charts/templates/istio-cni-psp.yaml +++ b/packages/rancher-istio/1.15/rancher-istio/charts/templates/istio-cni-psp.yaml @@ -1,4 +1,5 @@ {{- if .Values.global.rbac.pspEnabled }} +{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: @@ -48,4 +49,5 @@ rules: - podsecuritypolicies verbs: - use -{{- end }} \ No newline at end of file +{{- end }} +{{- end }} diff --git a/packages/rancher-istio/1.15/rancher-istio/charts/templates/istio-install-psp.yaml b/packages/rancher-istio/1.15/rancher-istio/charts/templates/istio-install-psp.yaml index f0b5ee565..a164a8642 100644 --- a/packages/rancher-istio/1.15/rancher-istio/charts/templates/istio-install-psp.yaml +++ b/packages/rancher-istio/1.15/rancher-istio/charts/templates/istio-install-psp.yaml @@ -1,4 +1,5 @@ {{- if .Values.global.rbac.pspEnabled }} +{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: @@ -27,4 +28,5 @@ spec: volumes: - 'configMap' - 'secret' +{{- end }} {{- end }} \ No newline at end of file diff --git a/packages/rancher-istio/1.15/rancher-istio/charts/templates/istio-psp.yaml b/packages/rancher-istio/1.15/rancher-istio/charts/templates/istio-psp.yaml index b3758b74f..f901988fa 100644 --- a/packages/rancher-istio/1.15/rancher-istio/charts/templates/istio-psp.yaml +++ b/packages/rancher-istio/1.15/rancher-istio/charts/templates/istio-psp.yaml @@ -1,4 +1,5 @@ {{- if .Values.global.rbac.pspEnabled }} +{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -78,4 +79,5 @@ spec: - secret - downwardAPI - persistentVolumeClaim +{{- end }} {{- end }} \ No newline at end of file diff --git a/packages/rancher-istio/1.15/rancher-istio/package.yaml b/packages/rancher-istio/1.15/rancher-istio/package.yaml index f1ab6ff30..6e61125be 100644 --- a/packages/rancher-istio/1.15/rancher-istio/package.yaml +++ b/packages/rancher-istio/1.15/rancher-istio/package.yaml @@ -1,2 +1,2 @@ url: local -version: 101.1.0+up1.15.3 +version: 101.1.1+up1.15.3 diff --git a/release.yaml b/release.yaml index 5b14a7e8e..cb9c327c7 100644 --- a/release.yaml +++ b/release.yaml @@ -24,6 +24,7 @@ rancher-eks-operator-crd: - 101.2.0+up1.2.0-rc2 rancher-istio: - 101.1.0+up1.15.3 +- 101.1.1+up1.15.3 rancher-logging-crd: - 101.1.0+up3.17.10 rancher-monitoring: