add condition to check for PSP capability in rancher-gatekeeper-crd

pull/2274/head
Rayan Das 2022-12-16 16:33:52 +05:30
parent 2c1e0bd6bf
commit 5d1f34e8dd
2 changed files with 5 additions and 2 deletions

View File

@ -20,7 +20,7 @@
tag: v3.10.0
pullPolicy: IfNotPresent
pullSecrets: []
@@ -80,8 +80,8 @@
@@ -80,7 +80,7 @@
probeWebhook:
enabled: true
image:
@ -29,7 +29,6 @@
tag: 7.83.1
pullPolicy: IfNotPresent
pullSecrets: []
waitTimeout: 60
@@ -104,7 +104,7 @@
extraRules: []
enabled: false

View File

@ -10,11 +10,13 @@ rules:
resources:
- customresourcedefinitions
verbs: ['create', 'get', 'patch', 'delete']
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ .Chart.Name }}-manager
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@ -39,6 +41,7 @@ metadata:
labels:
app: {{ .Chart.Name }}-manager
---
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
@ -70,3 +73,4 @@ spec:
volumes:
- 'configMap'
- 'secret'
{{- end }}