feat(kong): fail to render templates when PodSecurityPolicy is reques…

…ted but cluster doesn't serve it
Kong · Jun 20, 2023 · 0a34350 · 0a34350
1 parent 4eb477b
commit 0a34350
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 2 deletions.
diff --git a/charts/kong/CHANGELOG.md b/charts/kong/CHANGELOG.md
@@ -3,13 +3,17 @@
 ## Unreleased
 
 ### Improvements
+
 * Running `tpl` against user-supplied labels and annotations used in Deployment
   #### example:
   ```yaml
   podLabels:
     version: "{{ .Values.image.tag }}"  # Will render dynamically when overridden downstream
   ```
   [#814](https://github.com/Kong/charts/pull/814)
+* Fail to render templates when PodSecurityPolicy was requested but cluster doesn't
+  serve its API.
+  [#823](https://github.com/Kong/charts/pull/823)
 
 ## 2.23.0
 

diff --git a/charts/kong/templates/_helpers.tpl b/charts/kong/templates/_helpers.tpl
@@ -1535,6 +1535,14 @@ autoscaling/v1
 {{- end -}}
 {{- end -}}
 
+{{- define "kong.policyVersion" -}}
+{{- if (.Capabilities.APIVersions.Has "policy/v1beta1" ) -}}
+policy/v1beta1
+{{- else -}}
+{{- fail (printf "Cluster doesn't have policy/v1beta1 API." ) }}
+{{- end -}}
+{{- end -}}
+
 {{- define "kong.renderTpl" -}}
     {{- if typeIs "string" .value }}
 {{- tpl .value .context }}

diff --git a/charts/kong/templates/psp.yaml b/charts/kong/templates/psp.yaml
@@ -1,5 +1,5 @@
-{{- if and (.Values.podSecurityPolicy.enabled) (.Capabilities.APIVersions.Has "policy/v1beta1") }}
-apiVersion: policy/v1beta1
+{{- if and (.Values.podSecurityPolicy.enabled) }}
+apiVersion: {{ include "kong.policyVersion" . }}
 kind: PodSecurityPolicy
 metadata:
   name: {{ template "kong.serviceAccountName" . }}-psp