Skip to content

Commit ccb24f5

Browse files
KyriosGN0DrFaust92zeritti
authored
[prometheus-operator-admission-webhook] remove support for psp (#5818)
Signed-off-by: AvivGuiser <avivguiser@gmail.com> Signed-off-by: Ilia Lazebnik <Ilia.lazebnik@gmail.com> Signed-off-by: zeritti <47476160+zeritti@users.noreply.github.com> Co-authored-by: Ilia Lazebnik <Ilia.lazebnik@gmail.com> Co-authored-by: zeritti <47476160+zeritti@users.noreply.github.com>
1 parent 3ca4cc8 commit ccb24f5

File tree

10 files changed

+10
-161
lines changed

10 files changed

+10
-161
lines changed

charts/prometheus-operator-admission-webhook/Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
apiVersion: v2
33
description: Prometheus Operator Admission Webhook
44
name: prometheus-operator-admission-webhook
5-
version: 0.34.0
5+
version: 0.35.0
66
# renovate: github=prometheus-operator/prometheus-operator
77
appVersion: 0.88.0
88
home: https://github.com/prometheus-operator/prometheus-operator
Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
---
2+
networkPolicy:
3+
enabled: true
4+
labels:
5+
foo: bar
6+
baz: qux

charts/prometheus-operator-admission-webhook/templates/hooks/clusterrole.yaml

Lines changed: 0 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -25,16 +25,4 @@ rules:
2525
- get
2626
- update
2727
- patch
28-
{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.rbac.pspEnabled }}
29-
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
30-
{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
31-
- apiGroups: ['policy']
32-
{{- else }}
33-
- apiGroups: ['extensions']
34-
{{- end }}
35-
resources: ['podsecuritypolicies']
36-
verbs: ['use']
37-
resourceNames:
38-
- {{ include "prometheus-operator-admission-webhook.fullname" . }}-aux
39-
{{- end }}
4028
{{- end }}

charts/prometheus-operator-admission-webhook/templates/hooks/psp.yaml

Lines changed: 0 additions & 49 deletions
This file was deleted.

charts/prometheus-operator-admission-webhook/templates/hooks/role.yaml

Lines changed: 0 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -24,14 +24,4 @@ rules:
2424
verbs:
2525
- get
2626
- create
27-
{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
28-
- apiGroups:
29-
- policy
30-
resources:
31-
- podsecuritypolicies
32-
resourceNames:
33-
- {{ include "prometheus-operator-admission-webhook.fullname" . }}-aux
34-
verbs:
35-
- use
36-
{{- end }}
3727
{{- end }}

charts/prometheus-operator-admission-webhook/templates/psp.yaml

Lines changed: 0 additions & 36 deletions
This file was deleted.

charts/prometheus-operator-admission-webhook/templates/role.yaml

Lines changed: 0 additions & 21 deletions
This file was deleted.

charts/prometheus-operator-admission-webhook/templates/rolebinding.yaml

Lines changed: 0 additions & 17 deletions
This file was deleted.

charts/prometheus-operator-admission-webhook/values.schema.json

Lines changed: 0 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -312,17 +312,6 @@
312312
}
313313
}
314314
},
315-
"rbac": {
316-
"type": "object",
317-
"properties": {
318-
"create": {
319-
"type": "boolean"
320-
},
321-
"pspEnabled": {
322-
"type": "boolean"
323-
}
324-
}
325-
},
326315
"readinessProbe": {
327316
"type": "object",
328317
"properties": {

charts/prometheus-operator-admission-webhook/values.yaml

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -225,11 +225,10 @@ updateStrategy:
225225
maxSurge: 1
226226
maxUnavailable: 0
227227

228-
## rbac allows creating roles and pod security policy
229-
## Ref. https://kubernetes.io/docs/concepts/security/pod-security-policy/
228+
## rbac allows creating roles
229+
## Ref. https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
230230
rbac:
231231
create: true
232-
pspEnabled: false
233232

234233
## image sets webhook container image parameters
235234
image:
@@ -338,7 +337,7 @@ prometheusRule:
338337
labels: {}
339338
# release: kube-prometheus-stack
340339
rules: []
341-
# - alert: Admission webhook target down
340+
# - alert: PrometheusOperatorAdmissionWebhookTargetDown
342341
# expr: up{namespace="{{ include "prometheus-operator-admission-webhook.namespace" . }}",
343342
# service="{{ include "prometheus-operator-admission-webhook.fullname" . }}"} == 0
344343
# for: 5m

0 commit comments

Comments
 (0)