From a962fa23571535e986c8d482fd868c21a352fa00 Mon Sep 17 00:00:00 2001
From: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>
Date: Tue, 13 Jun 2023 02:55:57 +0200
Subject: [PATCH] [podSecurityConfiguration]: fix apiVersion and change default policy versions (#10210)
Signed-off-by: Ugur
---
 roles/kubernetes/control-plane/defaults/main/main.yml | 6 +++---
 .../kubernetes/control-plane/templates/podsecurity.yaml.j2 | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/roles/kubernetes/control-plane/defaults/main/main.yml b/roles/kubernetes/control-plane/defaults/main/main.yml
index a97f2f965..c25fbc10d 100644
--- a/roles/kubernetes/control-plane/defaults/main/main.yml
+++ b/roles/kubernetes/control-plane/defaults/main/main.yml
@@ -106,11 +106,11 @@ kube_apiserver_admission_event_rate_limits: {}
 kube_pod_security_use_default: false
 kube_pod_security_default_enforce: baseline
-kube_pod_security_default_enforce_version: latest
+kube_pod_security_default_enforce_version: "{{ kube_major_version }}"
 kube_pod_security_default_audit: restricted
-kube_pod_security_default_audit_version: latest
+kube_pod_security_default_audit_version: "{{ kube_major_version }}"
 kube_pod_security_default_warn: restricted
-kube_pod_security_default_warn_version: latest
+kube_pod_security_default_warn_version: "{{ kube_major_version }}"
 kube_pod_security_exemptions_usernames: []
 kube_pod_security_exemptions_runtime_class_names: []
 kube_pod_security_exemptions_namespaces:
diff --git a/roles/kubernetes/control-plane/templates/podsecurity.yaml.j2 b/roles/kubernetes/control-plane/templates/podsecurity.yaml.j2
index 5d39576ff..0a650fa10 100644
--- a/roles/kubernetes/control-plane/templates/podsecurity.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/podsecurity.yaml.j2
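Review bot: The three `*_version` defaults in roles/kubernetes/control-plane/defaults/main/main.yml now depend on `kube_major_version`, which is defined outside this hunk, and nothing here documents what form the value has to take. Pod Security admission accepts only `latest` or a `v<major>.<minor>` string in these fields, so an override or a differently formatted `kube_major_version` would presumably yield a configuration the API server rejects at start-up. I would add a comment above the block, e.g. `# Policy version: "latest" or "v<major>.<minor>"; defaults to the deployed cluster's minor version`. Operators who relied on `latest` should also know that the enforced policy level is now fixed at render time and only moves when the role is re-run after an upgrade.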
@@ -1,5 +1,5 @@
 {% if kube_pod_security_use_default %}
-apiVersion: pod-security.admission.config.k8s.io/v1beta1
+apiVersion: pod-security.admission.config.k8s.io/v1
 kind: PodSecurityConfiguration
 defaults:
 enforce: "{{ kube_pod_security_default_enforce }}"
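Review bot: The new `apiVersion` line is emitted unconditionally, and `pod-security.admission.config.k8s.io/v1` is only accepted by Kubernetes v1.25 and later; v1.23 and v1.24 need `v1beta1`. If this role still has to deploy releases older than v1.25 (not visible from this hunk), the API server there would fail to load the admission configuration and Pod Security defaults would not be applied. A version gate keeps both working, for example `apiVersion: pod-security.admission.config.k8s.io/{{ 'v1' if kube_major_version is version('v1.25', '>=') else 'v1beta1' }}`, assuming `kube_major_version` renders as `v<major>.<minor>`. The `{% if %}` block opened on the first line closes outside the hunk.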