From 26a9d46c66201ec31a3348c23eee0e8ba8aba332 Mon Sep 17 00:00:00 2001
From: Erkan Erol
Date: Thu, 15 Feb 2024 14:12:21 +0300
Subject: [PATCH] Add toggle for PSP
---
 CHANGELOG.md | 1 +
 helm/cluster-cleaner/templates/psp.yaml | 2 ++
 helm/cluster-cleaner/templates/rbac.yaml | 2 ++
 helm/cluster-cleaner/values.schema.json | 14 ++++++++++++++
 helm/cluster-cleaner/values.yaml | 4 ++++
 5 files changed, 23 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d2114e8..6e9ba62 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 - Configure `gsoci.azurecr.io` as the default container image registry.
+- Add toggle for PSPs.
 ## [0.8.0] - 2023-07-17
diff --git a/helm/cluster-cleaner/templates/psp.yaml b/helm/cluster-cleaner/templates/psp.yaml
index b76c07b..b4918f0 100644
--- a/helm/cluster-cleaner/templates/psp.yaml
+++ b/helm/cluster-cleaner/templates/psp.yaml
@@ -1,4 +1,5 @@
 {{ if .Values.clusterCleaner.enabled }}
+{{ if not .Values.global.podSecurityStandards.enforced }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -37,3 +38,4 @@ spec:
 hostIPC: false
 hostPID: false
 {{ end }}
+{{ end }}
diff --git a/helm/cluster-cleaner/templates/rbac.yaml b/helm/cluster-cleaner/templates/rbac.yaml
index fef8410..e799082 100644
--- a/helm/cluster-cleaner/templates/rbac.yaml
+++ b/helm/cluster-cleaner/templates/rbac.yaml
@@ -54,6 +54,7 @@ roleRef:
 name: {{ include "resource.default.name" . }}
 apiGroup: rbac.authorization.k8s.io
 ---
+{{ if not .Values.global.podSecurityStandards.enforced }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -84,6 +85,7 @@ roleRef:
 kind: ClusterRole
 name: {{ include "resource.psp.name" . }}
 apiGroup: rbac.authorization.k8s.io
+{{ end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
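Review bot: In helm/cluster-cleaner/templates/psp.yaml the new guard `{{ if not .Values.global.podSecurityStandards.enforced }}` depends only on a value that defaults to `false`, so a default install still renders a `policy/v1beta1` PodSecurityPolicy, an API that Kubernetes removed in 1.25. Consider also checking the cluster, e.g. `{{ if and (not .Values.global.podSecurityStandards.enforced) (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, so the PSP is dropped wherever the API is gone even if nobody set the flag. The same guard wraps the PSP ClusterRole and its binding in rbac.yaml (hunks at -54 and -84) and would want the same condition so the three objects stay in step. The template bodies continue outside these hunks, so whether another condition already covers this is not visible here.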
diff --git a/helm/cluster-cleaner/values.schema.json b/helm/cluster-cleaner/values.schema.json
index ecddd2c..0b4383f 100644
--- a/helm/cluster-cleaner/values.schema.json
+++ b/helm/cluster-cleaner/values.schema.json
@@ -13,6 +13,20 @@
 "dryRun": {
 "type": "boolean"
 },
+ "global": {
+ "type": "object",
+ "properties": {
+ "podSecurityStandards": {
+ "type": "object",
+ "properties": {
+ "enforced": {
+ "default": false,
+ "type": "boolean"
+ }
+ }
+ }
+ }
+ },
 "image": {
 "type": "object",
 "properties": {
diff --git a/helm/cluster-cleaner/values.yaml b/helm/cluster-cleaner/values.yaml
index 6c140e1..fee09f3 100644
--- a/helm/cluster-cleaner/values.yaml
+++ b/helm/cluster-cleaner/values.yaml
@@ -32,3 +32,7 @@ securityContext:
 capabilities:
 drop:
 - ALL
+
+global:
+ podSecurityStandards:
+ enforced: false
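Review bot: The `podSecurityStandards` object added to helm/cluster-cleaner/values.schema.json accepts any extra key, so a misspelled flag such as `enforce: true` passes validation and the chart silently keeps rendering the PSP and its RBAC. If no other keys are expected under it, add `"additionalProperties": false` to that object (not to `global`, which may carry values meant for other charts). Note also that `"default": false` is only an annotation here; Helm validates against the schema but does not apply its defaults, so the effective default is the one in values.yaml.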
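Review bot: The new `global.podSecurityStandards.enforced` key in helm/cluster-cleaner/values.yaml has no comment, although its effect is security-relevant: setting it to `true` removes the PSP together with its ClusterRole and binding, leaving pod restrictions entirely to whatever admission policy the cluster enforces. I would document that above the key, e.g. `# Set to true only when Pod Security Standards are enforced by the cluster; the PSP and its RBAC are then not rendered.` Since `global` values are typically supplied by a parent chart or shared configuration, the same comment could say who is expected to set the flag.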