diff --git a/CHANGELOG.md b/CHANGELOG.md index 2afee87..5cb4d73 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Update Kyverno PolicyException to v2beta1. +### Removed + +- Remove PSP. + ## [0.9.0] - 2024-10-03 ### Added diff --git a/helm/object-storage-operator/templates/_resource.tpl b/helm/object-storage-operator/templates/_resource.tpl index c192a1f..f792224 100644 --- a/helm/object-storage-operator/templates/_resource.tpl +++ b/helm/object-storage-operator/templates/_resource.tpl @@ -15,10 +15,6 @@ room for such suffix. {{- include "resource.default.name" . -}}-network-policy {{- end -}} -{{- define "resource.psp.name" -}} -{{- include "resource.default.name" . -}}-psp -{{- end -}} - {{- define "resource.policyException.name" -}} {{- include "resource.default.name" . -}}-policy-exception {{- end -}} diff --git a/helm/object-storage-operator/templates/policy-exception.yaml b/helm/object-storage-operator/templates/policy-exception.yaml index b00bb78..3b6d443 100644 --- a/helm/object-storage-operator/templates/policy-exception.yaml +++ b/helm/object-storage-operator/templates/policy-exception.yaml @@ -1,4 +1,3 @@ -{{- if .Values.global.podSecurityStandards.enforced }} {{- if .Capabilities.APIVersions.Has "kyverno.io/v2beta1/PolicyException" }} {{- if eq .Values.managementCluster.provider.kind "capz" }} apiVersion: kyverno.io/v2beta1 @@ -33,4 +32,3 @@ spec: - {{ include "resource.default.namespace" . }} {{- end }} {{- end }} -{{- end }} diff --git a/helm/object-storage-operator/templates/psp.yaml b/helm/object-storage-operator/templates/psp.yaml deleted file mode 100644 index f9b50a0..0000000 --- a/helm/object-storage-operator/templates/psp.yaml +++ /dev/null 
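Review bot: With the `podSecurityStandards.enforced` guard dropped at the top of policy-exception.yaml (its closing `{{- end }}` goes in the second hunk), the PolicyException is gated only by `.Capabilities.APIVersions.Has "kyverno.io/v2beta1/PolicyException"` and the `capz` provider check, and the template does not say what happens when that check fails. The PSP that was the alternative path is deleted in this same commit. If that API version is not reported at render time the template emits nothing, so a capz install would presumably run with neither mechanism and rely on whatever admission policy the cluster enforces. I would record this above the capability check, e.g. `{{- /* capz only; renders nothing when the Kyverno v2beta1 PolicyException CRD is absent */ -}}`. The resource body sits between the two hunks and is not visible here.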
@@ -1,37 +0,0 @@ -{{- if not .Values.global.podSecurityStandards.enforced }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: runtime/default - labels: - {{- include "labels.common" . | nindent 4 }} - name: {{ include "resource.psp.name" . }} -spec: - privileged: false - fsGroup: - rule: MustRunAs - ranges: - - min: 1 - max: 65535 - runAsUser: - rule: RunAsAny - runAsGroup: - rule: MustRunAs - ranges: - - min: 1 - max: 65535 - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - allowPrivilegeEscalation: false - hostNetwork: {{ eq .Values.managementCluster.provider.kind "capz" }} - hostIPC: false - hostPID: false - volumes: - - secret - - projected -{{- end }} -{{- end }} diff --git a/helm/object-storage-operator/templates/rbac.yaml b/helm/object-storage-operator/templates/rbac.yaml index 08e3425..da9d69e 100644 --- a/helm/object-storage-operator/templates/rbac.yaml +++ b/helm/object-storage-operator/templates/rbac.yaml 
@@ -115,39 +115,3 @@ roleRef: kind: ClusterRole name: {{ include "resource.default.name" . }} apiGroup: rbac.authorization.k8s.io ---- -{{- if not .Values.global.podSecurityStandards.enforced }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "labels.common" . | nindent 4 }} - name: {{ include "resource.psp.name" . }} -rules: - - apiGroups: - - policy - - extensions - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ include "resource.psp.name" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "labels.common" . | nindent 4 }} - name: {{ include "resource.psp.name" . }} -subjects: - - kind: ServiceAccount - name: {{ include "resource.default.name" . }} - namespace: {{ include "resource.default.namespace" . }} -roleRef: - kind: ClusterRole - name: {{ include "resource.psp.name" . }} - apiGroup: rbac.authorization.k8s.io -{{- end }} -{{- end }} diff --git a/helm/object-storage-operator/values.schema.json b/helm/object-storage-operator/values.schema.json index 5305d82..f00b5ea 100644 --- a/helm/object-storage-operator/values.schema.json +++ b/helm/object-storage-operator/values.schema.json @@ -43,19 +43,6 @@ } } }, - "global": { - "type": "object", - "properties": { - "podSecurityStandards": { - "type": "object", - "properties": { - "enforced": { - "type": "boolean" - } - } - } - } - }, "image": { "type": "object", "properties": { @@ -73,6 +60,9 @@ "managementCluster": { "type": "object", "properties": { + "baseDomain": { + "type": "string" + }, "name": { "type": "string" }, @@ -86,9 +76,15 @@ "type": "string" } } + }, + "region": { + "type": "string" } } }, + "metricsPort": { + "type": "integer" + }, "networkPolicy": { "type": "object", "properties": { 
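Review bot: `metricsPort` in this hunk and `probePort` in the next values.schema.json hunk are declared as bare `integer`, so the schema accepts 0, negative numbers and values above 65535. A bad value would presumably only surface later, when the port is rejected or the probe fails. Bounding both catches it at install or lint time: `"metricsPort": { "type": "integer", "minimum": 1, "maximum": 65535 }`, and the same for `probePort`. These properties, together with `baseDomain` and `region`, are unrelated to the PSP removal and are not mentioned in the CHANGELOG entry.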
@@ -116,6 +112,9 @@ } } }, + "probePort": { + "type": "integer" + }, "resources": { "type": "object", "properties": { diff --git a/helm/object-storage-operator/values.yaml b/helm/object-storage-operator/values.yaml index 0b2ffe7..219a5c8 100644 --- a/helm/object-storage-operator/values.yaml +++ b/helm/object-storage-operator/values.yaml @@ -1,7 +1,3 @@ -global: - podSecurityStandards: - enforced: false - image: registry: gsoci.azurecr.io repository: "giantswarm/object-storage-operator"