[rancher-sachet] Move role+rolebinding for PSPs to psp.yaml

2023-01-27 11:47:36 -08:00 · 2023-01-27 11:47:36 -08:00 · 71a483e3d2
parent 464036d847
commit 71a483e3d2
3 changed files with 30 additions and 32 deletions
--- a/packages/rancher-alerting/rancher-sachet/charts/templates/psp.yaml
+++ b/packages/rancher-alerting/rancher-sachet/charts/templates/psp.yaml
@ -28,4 +28,34 @@ spec:
  volumes:
    - 'configMap'
    - 'secret'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "sachet.fullname" . }}-psp
+  namespace: {{ include "sachet.namespace" . }}
+  labels: {{ include "sachet.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - policy
+    resourceNames:
+      - {{ include "sachet.fullname" . }}-psp
+    resources:
+      - podsecuritypolicies
+    verbs:
+      - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "sachet.fullname" . }}-psp
+  namespace: {{ include "sachet.namespace" . }}
+  labels: {{ include "sachet.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "sachet.fullname" . }}-psp
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "sachet.fullname" . }}
 {{- end }}
--- a/packages/rancher-alerting/rancher-sachet/charts/templates/role.yaml
+++ b/packages/rancher-alerting/rancher-sachet/charts/templates/role.yaml
@ -1,17 +0,0 @@
-{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ include "sachet.fullname" . }}-psp
-  namespace: {{ include "sachet.namespace" . }}
-  labels: {{ include "sachet.labels" . | nindent 4 }}
-rules:
-  - apiGroups:
-      - policy
-    resourceNames:
-      - {{ include "sachet.fullname" . }}-psp
-    resources:
-      - podsecuritypolicies
-    verbs:
-      - use
-{{- end }}
--- a/packages/rancher-alerting/rancher-sachet/charts/templates/rolebinding.yaml
+++ b/packages/rancher-alerting/rancher-sachet/charts/templates/rolebinding.yaml
@ -1,15 +0,0 @@
-{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "sachet.fullname" . }}-psp
-  namespace: {{ include "sachet.namespace" . }}
-  labels: {{ include "sachet.labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ include "sachet.fullname" . }}-psp
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "sachet.fullname" . }}
-{{- end }}