From 0a343503a1bbdb1c656127cb9e066b047114b6ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patryk=20Ma=C5=82ek?= Date: Tue, 20 Jun 2023 12:26:58 +0200 Subject: [PATCH] feat(kong): fail to render templates when PodSecurityPolicy is requested but cluster doesn't serve it --- charts/kong/CHANGELOG.md | 4 ++++ charts/kong/templates/_helpers.tpl | 8 ++++++++ charts/kong/templates/psp.yaml | 4 ++-- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/charts/kong/CHANGELOG.md b/charts/kong/CHANGELOG.md index 1010001f3..5429d0ffd 100644 --- a/charts/kong/CHANGELOG.md +++ b/charts/kong/CHANGELOG.md @@ -3,6 +3,7 @@ ## Unreleased ### Improvements + * Running `tpl` against user-supplied labels and annotations used in Deployment #### example: ```yaml @@ -10,6 +11,9 @@ version: "{{ .Values.image.tag }}" # Will render dynamically when overridden downstream ``` [#814](https://github.com/Kong/charts/pull/814) +* Fail to render templates when PodSecurityPolicy was requested but cluster doesn't + serve its API. + [#823](https://github.com/Kong/charts/pull/823) ## 2.23.0 diff --git a/charts/kong/templates/_helpers.tpl b/charts/kong/templates/_helpers.tpl index a3e2e69eb..4504caa3d 100644 --- a/charts/kong/templates/_helpers.tpl +++ b/charts/kong/templates/_helpers.tpl @@ -1535,6 +1535,14 @@ autoscaling/v1 {{- end -}} {{- end -}} +{{- define "kong.policyVersion" -}} +{{- if (.Capabilities.APIVersions.Has "policy/v1beta1" ) -}} +policy/v1beta1 +{{- else -}} +{{- fail (printf "Cluster doesn't have policy/v1beta1 API." ) }} +{{- end -}} +{{- end -}} + {{- define "kong.renderTpl" -}} {{- if typeIs "string" .value }} {{- tpl .value .context }} diff --git a/charts/kong/templates/psp.yaml b/charts/kong/templates/psp.yaml index eb5626ae3..bc9844798 100644 --- a/charts/kong/templates/psp.yaml +++ b/charts/kong/templates/psp.yaml @@ -1,5 +1,5 @@ -{{- if and (.Values.podSecurityPolicy.enabled) (.Capabilities.APIVersions.Has "policy/v1beta1") }} -apiVersion: policy/v1beta1 +{{- if and (.Values.podSecurityPolicy.enabled) }} +apiVersion: {{ include "kong.policyVersion" . }} kind: PodSecurityPolicy metadata: name: {{ template "kong.serviceAccountName" . }}-psp