remove psp (#262)

* remove psp

* Update values.yaml

* Update values.schema.json

CHANGELOG.md

@@ -11,6 +11,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Update Kyverno PolicyException to v2beta1.
 
+### Removed
+
+- Remove PSP.
+
 ## [0.9.0] - 2024-10-03
 
 ### Added

helm/object-storage-operator/templates/_resource.tpl

@@ -15,10 +15,6 @@ room for such suffix.
 {{- include "resource.default.name" . -}}-network-policy
 {{- end -}}
 
-{{- define "resource.psp.name" -}}
-{{- include "resource.default.name" . -}}-psp
-{{- end -}}
-
 {{- define "resource.policyException.name" -}}
 {{- include "resource.default.name" . -}}-policy-exception
 {{- end -}}

helm/object-storage-operator/templates/policy-exception.yaml

@@ -1,4 +1,3 @@
-{{- if .Values.global.podSecurityStandards.enforced }}
 {{- if .Capabilities.APIVersions.Has "kyverno.io/v2beta1/PolicyException" }}
 {{- if eq .Values.managementCluster.provider.kind "capz" }}
 apiVersion: kyverno.io/v2beta1
@@ -33,4 +32,3 @@ spec:
         - {{ include "resource.default.namespace" . }}
 {{- end }}
 {{- end }}
-{{- end }}

helm/object-storage-operator/templates/rbac.yaml

@@ -115,39 +115,3 @@ roleRef:
   kind: ClusterRole
   name: {{ include "resource.default.name" . }}
   apiGroup: rbac.authorization.k8s.io
----
-{{- if not .Values.global.podSecurityStandards.enforced }}
-{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    {{- include "labels.common" . | nindent 4 }}
-  name: {{ include "resource.psp.name" . }}
-rules:
-  - apiGroups:
-      - policy
-      - extensions
-    resources:
-      - podsecuritypolicies
-    verbs:
-      - use
-    resourceNames:
-      - {{ include "resource.psp.name" . }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    {{- include "labels.common" . | nindent 4 }}
-  name: {{ include "resource.psp.name" . }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "resource.default.name" . }}
-    namespace: {{ include "resource.default.namespace" . }}
-roleRef:
-  kind: ClusterRole
-  name: {{ include "resource.psp.name" . }}
-  apiGroup: rbac.authorization.k8s.io
-{{- end }}
-{{- end }}

helm/object-storage-operator/values.schema.json

@@ -43,19 +43,6 @@
                 }
             }
         },
-        "global": {
-            "type": "object",
-            "properties": {
-                "podSecurityStandards": {
-                    "type": "object",
-                    "properties": {
-                        "enforced": {
-                            "type": "boolean"
-                        }
-                    }
-                }
-            }
-        },
         "image": {
             "type": "object",
             "properties": {
@@ -73,6 +60,9 @@
         "managementCluster": {
             "type": "object",
             "properties": {
+                "baseDomain": {
+                    "type": "string"
+                },
                 "name": {
                     "type": "string"
                 },
@@ -86,9 +76,15 @@
                             "type": "string"
                         }
                     }
+                },
+                "region": {
+                    "type": "string"
                 }
             }
         },
+        "metricsPort": {
+            "type": "integer"
+        },
         "networkPolicy": {
             "type": "object",
             "properties": {
@@ -116,6 +112,9 @@
                 }
             }
         },
+        "probePort": {
+            "type": "integer"
+        },
         "resources": {
             "type": "object",
             "properties": {

helm/object-storage-operator/values.yaml

@@ -1,7 +1,3 @@
-global:
-  podSecurityStandards:
-    enforced: false
-
 image:
   registry: gsoci.azurecr.io
   repository: "giantswarm/object-storage-operator"