X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=helm%2Finfrastructure%2Fsubcharts%2Fkong%2Ftemplates%2Fpsp.yaml;h=bc9844798bc6d543bb69974000e5ec7dc68ec790;hb=refs%2Fchanges%2F69%2F12969%2F1;hp=a627152d6ed4ccff8aa2094fcea3252ac7345a3a;hpb=29fd3d26b21d59213a8c08d34363fab60a6bd34c;p=ric-plt%2Fric-dep.git
diff --git a/helm/infrastructure/subcharts/kong/templates/psp.yaml b/helm/infrastructure/subcharts/kong/templates/psp.yaml
old mode 100755
new mode 100644
index a627152..bc98447
--- a/helm/infrastructure/subcharts/kong/templates/psp.yaml
+++ b/helm/infrastructure/subcharts/kong/templates/psp.yaml
@@ -1,30 +1,23 @@
-{{- if .Values.podSecurityPolicy.enabled }}
-apiVersion: policy/v1beta1
+{{- if and (.Values.podSecurityPolicy.enabled) }}
+apiVersion: {{ include "kong.policyVersion" . }}
 kind: PodSecurityPolicy
 metadata:
 name: {{ template "kong.serviceAccountName" . }}-psp
 labels:
 {{- include "kong.metaLabels" . | nindent 4 }}
+ {{- with .Values.podSecurityPolicy.labels }}
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.podSecurityPolicy.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
 spec:
- privileged: false
- fsGroup:
- rule: RunAsAny
- runAsUser:
- rule: RunAsAny
- runAsGroup:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - 'configMap'
- - 'secret'
- - 'emptyDir'
- allowPrivilegeEscalation: false
- hostNetwork: false
- hostIPC: false
- hostPID: false
+{{ .Values.podSecurityPolicy.spec | toYaml | indent 2 }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -34,7 +27,7 @@ metadata:
 {{- include "kong.metaLabels" . | nindent 4 }}
 rules:
 - apiGroups:
- - extensions
+ - policy
 resources:
 - podsecuritypolicies
 verbs:
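Review bot: Nothing on the new `spec:` line guards against `podSecurityPolicy.spec` being unset or weaker than the policy it replaces; `privileged: false`, `allowPrivilegeEscalation: false`, the `hostNetwork`/`hostIPC`/`hostPID: false` settings and the three-entry `volumes` list now exist only if the values supply them. The values.yaml default is not part of this diff, so it should be checked to carry the same restrictions, and the render can be made to fail when the value is missing, e.g. `{{ required "podSecurityPolicy.spec must be set" .Values.podSecurityPolicy.spec | toYaml | indent 2 }}`. In the same hunk the label values are emitted unquoted while the annotation values are quoted; `{{ $key }}: {{ $value | quote }}` on the labels line keeps values such as `true` or `1` from being rendered as non-string types. The single-argument `and` in the opening `if` adds nothing over the plain condition.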
@@ -46,13 +39,13 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
 name: {{ template "kong.serviceAccountName" . }}-psp
- namespace: {{ .Release.Namespace }}
+ namespace: {{ template "kong.namespace" . }}
 labels:
 {{- include "kong.metaLabels" . | nindent 4 }}
 subjects:
 - kind: ServiceAccount
 name: {{ template "kong.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ template "kong.namespace" . }}
 roleRef:
 kind: ClusterRole
 name: {{ template "kong.serviceAccountName" . }}-psp
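Review bot: The subject's `namespace: {{ template "kong.namespace" . }}` only binds the PSP to the intended identity if the ServiceAccount is created in that same namespace, and neither the `kong.namespace` helper nor the ServiceAccount template is visible in this diff. If the helper honours an override while the ServiceAccount is still created in `.Release.Namespace`, the `use` grant would attach to a same-named account in a different namespace, so both templates should resolve the namespace through the same helper. Separately, `metadata.namespace` on a ClusterRoleBinding has no effect because the kind is cluster-scoped; that line can be dropped rather than re-templated.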