Merge pull request #1346 from banzaicloud/disable-psp

[K8s 1.25 Support] Disable PodSecurityPolicy in prometheus operator charts

prometheus-operator-standalone/Chart.yaml

@@ -8,7 +8,7 @@ keywords:
 - operator
 - prometheus
 name: prometheus-operator-standalone
-version: 13.4.0
+version: 13.4.1
 kubeVersion: ">=1.16.0-0"
 sources:
   - https://github.com/banzaicloud/banzai-charts

prometheus-operator-standalone/templates/psp-clusterrole.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.pspEnabled }}
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -10,4 +11,4 @@ rules:
   verbs:     ['use']
   resourceNames:
   - {{ template "prometheus-operator.fullname" . }}
-
+{{- end }}

prometheus-operator-standalone/templates/psp-clusterrolebinding.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.pspEnabled }}
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -12,3 +13,4 @@ subjects:
   - kind: ServiceAccount
     name: {{ template "prometheus-operator.fullname" . }}
     namespace: {{ .Release.Namespace }}
+{{- end }}

prometheus-operator-standalone/templates/psp.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.pspEnabled }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -46,3 +47,4 @@ spec:
       - min: 0
         max: 65535
   readOnlyRootFilesystem: false
+{{- end }}

prometheus-operator-standalone/values.yaml

@@ -19,7 +19,7 @@ kubeTargetVersionOverride: ""
 fullnameOverride: ""
 
 
-
+pspEnabled: false
 pspAnnotations: {}
 ## Specify pod annotations
 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor