diff --git a/CHANGELOG.md b/CHANGELOG.md
index c706773..4d24872 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+### Changed
+
+- Add condition for PSP installation in helm chart.
+
 ## [1.21.0] - 2023-09-27
 ### Added
diff --git a/helm/promxy-app/templates/psp.yaml b/helm/promxy-app/templates/psp.yaml
index c2406be..aad9af1 100644
--- a/helm/promxy-app/templates/psp.yaml
+++ b/helm/promxy-app/templates/psp.yaml
@@ -1,3 +1,5 @@
+{{- if not .Values.global.podSecurityStandards.enforced }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -31,3 +33,5 @@ spec:
 hostNetwork: false
 hostIPC: false
 hostPID: false
+{{- end }}
+{{- end }}
diff --git a/helm/promxy-app/templates/rbac.yaml b/helm/promxy-app/templates/rbac.yaml
index 0492fab..8f5a3ff 100644
--- a/helm/promxy-app/templates/rbac.yaml
+++ b/helm/promxy-app/templates/rbac.yaml
@@ -30,6 +30,8 @@ roleRef:
 name: {{ include "resource.default.name" . }}
 apiGroup: rbac.authorization.k8s.io
 ---
+{{- if not .Values.global.podSecurityStandards.enforced }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -61,3 +63,5 @@ roleRef:
 kind: ClusterRole
 name: {{ include "resource.psp.name" . }}
 apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}
diff --git a/helm/promxy-app/values.schema.json b/helm/promxy-app/values.schema.json
index 9770a0c..ade5cd0 100644
--- a/helm/promxy-app/values.schema.json
+++ b/helm/promxy-app/values.schema.json
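Review bot: In helm/promxy-app/templates/psp.yaml the new guard drops the PodSecurityPolicy without saying what takes over the restrictions it carried (the closing hunk shows `hostNetwork: false`, `hostIPC: false`, `hostPID: false`). PSP admission can also default fields on a pod, while Pod Security Standards enforcement only validates, so once `enforced` is true the workload's own securityContext has to state everything; that template is not part of this diff, so this is worth confirming. On a cluster that still runs PSP admission, `enforced: true` removes the chart's policy as well, and the pod is then admitted under whichever other policy its service account may use, or rejected. I would add a comment above the guard such as `{{- /* PSP is rendered only while PSS is not enforced and the cluster still serves policy/v1beta1; pod restrictions must then come from the pod spec */ -}}`.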
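Review bot: The two-line guard above the PSP ClusterRole in helm/promxy-app/templates/rbac.yaml is a copy of the one in psp.yaml, and the paired `{{- end }}` lines in the closing hunks of both files do not say which `if` they close. If the copies drift, the chart can render a ClusterRole and binding that refer to a policy which is not installed, or the policy without its binding. A single condition is easier to keep in step: `{{- if and (not .Values.global.podSecurityStandards.enforced) (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}` with one `{{- end }}`, ideally behind a named template shared by both files. `.Capabilities` reflects the cluster only when Helm talks to one, so offline rendering with `helm template` may leave these resources out unless `--api-versions policy/v1beta1/PodSecurityPolicy` is passed.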
@@ -2,6 +2,19 @@
 "$schema": "http://json-schema.org/schema#",
 "type": "object",
 "properties": {
+ "global": {
+ "type": "object",
+ "properties": {
+ "podSecurityStandards": {
+ "type": "object",
+ "properties": {
+ "enforced": {
+ "type": "boolean"
+ }
+ }
+ }
+ }
+ },
 "ingress": {
 "type": "object",
 "properties": {
diff --git a/helm/promxy-app/values.yaml b/helm/promxy-app/values.yaml
index a8761e9..babc454 100644
--- a/helm/promxy-app/values.yaml
+++ b/helm/promxy-app/values.yaml
@@ -3,6 +3,10 @@ kyvernoPolicyExceptions:
 enabled: true
 namespace: giantswarm
+global:
+ podSecurityStandards:
+ enforced: false
+
 monitoring:
 prometheus:
 host: ""
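Review bot: The new `global.podSecurityStandards.enforced` key in helm/promxy-app/values.yaml has no comment, although it switches off a security control. A reader cannot tell from this file that `true` stops the PodSecurityPolicy and its ClusterRole and binding from being rendered, or that `global` values are shared with subcharts and may be set from outside the app. Suggested comment above the key: `# When true, the PodSecurityPolicy and its RBAC are not rendered; set this only on clusters where Pod Security Standards are enforced by other means.`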