[podSecurityConfiguration]: fix apiVersion and change default policy versions (#10210)

Signed-off-by: Ugur <ugurozturk918@gmail.com>
2023-06-13 02:55:57 +02:00 · 2023-06-13 02:55:57 +02:00 · a962fa2357
parent 775851b00c
commit a962fa2357
2 changed files with 4 additions and 4 deletions
--- a/roles/kubernetes/control-plane/defaults/main/main.yml
+++ b/roles/kubernetes/control-plane/defaults/main/main.yml
@ -106,11 +106,11 @@ kube_apiserver_admission_event_rate_limits: {}

 kube_pod_security_use_default: false
 kube_pod_security_default_enforce: baseline
-kube_pod_security_default_enforce_version: latest
+kube_pod_security_default_enforce_version: "{{ kube_major_version }}"
 kube_pod_security_default_audit: restricted
-kube_pod_security_default_audit_version: latest
+kube_pod_security_default_audit_version: "{{ kube_major_version }}"
 kube_pod_security_default_warn: restricted
-kube_pod_security_default_warn_version: latest
+kube_pod_security_default_warn_version: "{{ kube_major_version }}"
 kube_pod_security_exemptions_usernames: []
 kube_pod_security_exemptions_runtime_class_names: []
 kube_pod_security_exemptions_namespaces:
--- a/roles/kubernetes/control-plane/templates/podsecurity.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/podsecurity.yaml.j2
@ -1,5 +1,5 @@
 {% if kube_pod_security_use_default %}
-apiVersion: pod-security.admission.config.k8s.io/v1beta1
+apiVersion: pod-security.admission.config.k8s.io/v1
 kind: PodSecurityConfiguration
 defaults:
  enforce: "{{ kube_pod_security_default_enforce }}"