From 7f610e7b83b2bbb06fa2af826369a1713edce95a Mon Sep 17 00:00:00 2001
From: Brenda Rearden <brenda@rancher.com>
Date: Wed, 15 Dec 2021 06:52:07 -0700
Subject: [PATCH] (dev-v2.6-archive) Merge pull request #1652 from
 brendarearden/2.6.3-kube-version

2.6.3 kube version

(partially cherry picked from commit 49e34f78b464e4d56a0b332a0f970db4734291a8)
---
 .../rancher-cis-benchmark/charts/Chart.yaml   |  1 +
 .../templates/podsecuritypolicy.yaml.patch    | 22 +------------------
 .../generated-changes/patch/Chart.yaml.patch  |  3 ++-
 3 files changed, 4 insertions(+), 22 deletions(-)

diff --git a/packages/rancher-cis-benchmark/charts/Chart.yaml b/packages/rancher-cis-benchmark/charts/Chart.yaml
index a94b7c2d6..475c699a4 100644
--- a/packages/rancher-cis-benchmark/charts/Chart.yaml
+++ b/packages/rancher-cis-benchmark/charts/Chart.yaml
@@ -17,3 +17,4 @@ annotations:
   catalog.cattle.io/os: linux
   catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
   catalog.cattle.io/rancher-version: ">= 2.6.0-0"
+  catalog.cattle.io/kube-version: ">=1.16.0-0"
diff --git a/packages/rancher-grafana/generated-changes/patch/templates/podsecuritypolicy.yaml.patch b/packages/rancher-grafana/generated-changes/patch/templates/podsecuritypolicy.yaml.patch
index f1a91fd35..439672d3e 100644
--- a/packages/rancher-grafana/generated-changes/patch/templates/podsecuritypolicy.yaml.patch
+++ b/packages/rancher-grafana/generated-changes/patch/templates/podsecuritypolicy.yaml.patch
@@ -1,6 +1,6 @@
 --- charts-original/templates/podsecuritypolicy.yaml
 +++ charts/templates/podsecuritypolicy.yaml
-@@ -5,19 +5,27 @@
+@@ -5,13 +5,9 @@
    name: {{ template "grafana.fullname" . }}
    labels:
      {{- include "grafana.labels" . | nindent 4 }}
@@ -17,23 +17,3 @@
  spec:
    privileged: false
    allowPrivilegeEscalation: false
-   requiredDropCapabilities:
--    # Default set from Docker, with DAC_OVERRIDE and CHOWN
--      - ALL
-+    # The list comes from K8s' pod security standards, with only CHOWN left
-+    # ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
-+    - AUDIT_WRITE
-+    - DAC_OVERRIDE
-+    - FOWNER
-+    - FSETID
-+    - KILL
-+    - MKNOD
-+    - NET_BIND_SERVICE
-+    - SETFCAP
-+    - SETGID
-+    - SETPCAP
-+    - SETUID
-+    - SYS_CHROOT
-   volumes:
-     - 'configMap'
-     - 'emptyDir'
diff --git a/packages/rancher-logging/generated-changes/patch/Chart.yaml.patch b/packages/rancher-logging/generated-changes/patch/Chart.yaml.patch
index f42b13e65..b06e2e31b 100644
--- a/packages/rancher-logging/generated-changes/patch/Chart.yaml.patch
+++ b/packages/rancher-logging/generated-changes/patch/Chart.yaml.patch
@@ -1,6 +1,6 @@
 --- charts-original/Chart.yaml
 +++ charts/Chart.yaml
-@@ -1,5 +1,19 @@
+@@ -1,5 +1,20 @@
  apiVersion: v1
  appVersion: 3.15.0
 -description: A Helm chart to install Banzai Cloud logging-operator
@@ -22,3 +22,4 @@
 +  catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1
 +  catalog.cattle.io/display-name: "Logging"
 +  catalog.cattle.io/auto-install: rancher-logging-crd=match
++  catalog.cattle.io/kube-version: ">=1.16.0-0"