charts: fix k8s v1.25 compatibility for PSP (#506)

* ci: add k8s v1.25 to testing matrix * charts: fix PSP compatibility check to work with ArgoCD Related: #505
VictoriaMetrics · Mar 29, 2023 · 3311e77 · 3311e77
1 parent acb6504
commit 3311e77
Show file tree

Hide file tree

Showing 14 changed files with 23 additions and 23 deletions.
diff --git a/.github/workflows/run-testing.yaml b/.github/workflows/run-testing.yaml
@@ -50,7 +50,7 @@ jobs:
     strategy:
       matrix:
         chart: ${{ fromJSON(needs.get-changed-charts.outputs.charts) }}
-        k8s_version: ["v1.22.16", "v1.23.14", "v1.24.8"]
+        k8s_version: ["v1.22.16", "v1.23.14", "v1.24.8", "v1.25.8"]
       fail-fast: false
     steps:
       - name: Checkout

diff --git a/charts/victoria-metrics-agent/templates/clusterrole.yaml b/charts/victoria-metrics-agent/templates/clusterrole.yaml
@@ -41,7 +41,7 @@ rules:
 - nonResourceURLs: ["/metrics"]
   verbs: ["get"]
 {{- end }}
-{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }}
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 - apiGroups:      ['extensions']
   resources:      ['podsecuritypolicies']
   verbs:          ['use']

diff --git a/charts/victoria-metrics-agent/templates/podsecuritypolicy.yaml b/charts/victoria-metrics-agent/templates/podsecuritypolicy.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }}
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:

diff --git a/charts/victoria-metrics-alert/templates/podsecuritypolicy.yaml b/charts/victoria-metrics-alert/templates/podsecuritypolicy.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }}
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -39,4 +39,4 @@ spec:
   fsGroup:
     rule: 'RunAsAny'
   readOnlyRootFilesystem: false
-{{- end }}
+{{- end }}
diff --git a/charts/victoria-metrics-alert/templates/role.yaml b/charts/victoria-metrics-alert/templates/role.yaml
@@ -14,12 +14,12 @@ metadata:
 {{ toYaml . | indent 4 }}
 {{- end }}
 rules:
-{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }}
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 - apiGroups:      ['extensions']
   resources:      ['podsecuritypolicies']
   verbs:          ['use']
   resourceNames:  [{{ template "vmalert.server.fullname" . }}]
 {{- else }}
 rules: []
 {{- end }}
-{{- end }}
+{{- end }}
diff --git a/charts/victoria-metrics-auth/templates/podsecuritypolicy.yaml b/charts/victoria-metrics-auth/templates/podsecuritypolicy.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }}
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -39,4 +39,4 @@ spec:
   fsGroup:
     rule: 'RunAsAny'
   readOnlyRootFilesystem: false
-{{- end }}
+{{- end }}
diff --git a/charts/victoria-metrics-cluster/templates/clusterrole.yaml b/charts/victoria-metrics-cluster/templates/clusterrole.yaml
@@ -12,7 +12,7 @@ metadata:
   annotations:
 {{ toYaml . | indent 4 }}
 {{- end }}
-{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }}
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 rules:
   - apiGroups:      ['extensions']
     resources:      ['podsecuritypolicies']

diff --git a/charts/victoria-metrics-cluster/templates/podsecuritypolicy.yaml b/charts/victoria-metrics-cluster/templates/podsecuritypolicy.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }}
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -39,4 +39,4 @@ spec:
   fsGroup:
     rule: 'RunAsAny'
   readOnlyRootFilesystem: false
-{{- end }}
+{{- end }}
diff --git a/charts/victoria-metrics-cluster/templates/role.yaml b/charts/victoria-metrics-cluster/templates/role.yaml
@@ -13,7 +13,7 @@ metadata:
   annotations:
 {{ toYaml . | indent 4 }}
 {{- end }}
-{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }}
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 rules:
 - apiGroups:      ['extensions']
   resources:      ['podsecuritypolicies']
@@ -22,4 +22,4 @@ rules:
 {{- else }}
 rules: []
 {{- end }}
-{{- end }}
+{{- end }}
diff --git a/charts/victoria-metrics-operator/templates/psp.yaml b/charts/victoria-metrics-operator/templates/psp.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }}
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -84,4 +84,4 @@ roleRef:
   name: {{ include "vm-operator.fullname" . }}-psp
   apiGroup: rbac.authorization.k8s.io
 ---
-{{- end }}
+{{- end }}
diff --git a/charts/victoria-metrics-single/templates/clusterrole.yaml b/charts/victoria-metrics-single/templates/clusterrole.yaml
@@ -38,7 +38,7 @@ rules:
   - nonResourceURLs: [ "/metrics" ]
     verbs: [ "get" ]
   {{- end }}
-  {{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }}
+  {{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
   - apiGroups:      ['extensions']
     resources:      ['podsecuritypolicies']
     verbs:          ['use']

diff --git a/charts/victoria-metrics-single/templates/podsecuritypolicy.yaml b/charts/victoria-metrics-single/templates/podsecuritypolicy.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }}
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -39,4 +39,4 @@ spec:
   fsGroup:
     rule: 'RunAsAny'
   readOnlyRootFilesystem: false
-{{- end }}
+{{- end }}
diff --git a/charts/victoria-metrics-single/templates/role.yaml b/charts/victoria-metrics-single/templates/role.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }}
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 {{- if .Values.rbac.create -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -20,4 +20,4 @@ rules:
   verbs:          ['use']
   resourceNames:  [{{ template "victoria-metrics.fullname" . }}]
 {{- end }}
-{{- end }}
+{{- end }}
diff --git a/charts/victoria-metrics-single/templates/rolebinding.yaml b/charts/victoria-metrics-single/templates/rolebinding.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }}
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 {{- if .Values.rbac.create -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -23,4 +23,4 @@ subjects:
   name: {{ template "victoria-metrics.serviceAccountName" . }}
   namespace: {{ .Release.Namespace }}
 {{- end }}
-{{- end }}
+{{- end }}