add condition to check for PSP capability in rancher-gatekeeper-crd

2022-12-16 16:33:52 +05:30 · 2022-12-16 16:33:52 +05:30 · 5d1f34e8dd
parent 2c1e0bd6bf
commit 5d1f34e8dd
2 changed files with 5 additions and 2 deletions
--- a/packages/rancher-gatekeeper/generated-changes/patch/values.yaml.patch
+++ b/packages/rancher-gatekeeper/generated-changes/patch/values.yaml.patch
@ -20,7 +20,7 @@
       tag: v3.10.0
       pullPolicy: IfNotPresent
       pullSecrets: []
-@@ -80,8 +80,8 @@
+@@ -80,7 +80,7 @@
   probeWebhook:
     enabled: true
     image:
@ -29,7 +29,6 @@
       tag: 7.83.1
       pullPolicy: IfNotPresent
       pullSecrets: []
     waitTimeout: 60
@@ -104,7 +104,7 @@
     extraRules: []
     enabled: false
--- a/packages/rancher-gatekeeper/templates/crd-template/templates/rbac.yaml
+++ b/packages/rancher-gatekeeper/templates/crd-template/templates/rbac.yaml
@ -10,11 +10,13 @@ rules:
  resources:
  - customresourcedefinitions
  verbs: ['create', 'get', 'patch', 'delete']
 {{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
 - apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  verbs:     ['use']
  resourceNames:
  - {{ .Chart.Name }}-manager
 {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@ -39,6 +41,7 @@ metadata:
  labels:
    app: {{ .Chart.Name }}-manager
 ---
 {{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@ -70,3 +73,4 @@ spec:
  volumes:
    - 'configMap'
    - 'secret'
 {{- end }}