BUG/MINOR: haproxy: Disable PSP for 1.25+ K8s

Signed-off-by: Dinko Korunic <[email protected]>

Author: dkorunic

haproxy/templates/podsecuritypolicy.yaml

@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 
+{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }}
 {{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}}
 {{- $useHostNetwork := .Values.daemonset.useHostNetwork -}}
 {{- $useHostPort := .Values.daemonset.useHostPort -}}
@@ -81,3 +82,4 @@ spec:
   {{- toYaml . | nindent 4 }}
   {{- end }}
 {{- end }}
+{{- end }}

haproxy/values.yaml

@@ -363,10 +363,11 @@ podSecurityContext: {}
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
 securityContext: {}
 #  enabled: true
+#  runAsNonRoot: true
 #  runAsUser: 1000
 #  runAsGroup: 1000
-#  allowPrivilegeEscalation: true
-#  runAsNonRoot: true
+#  fsGroup: 1000
+#  allowPrivilegeEscalation: false
 #  capabilities:
 #    drop:
 #      - ALL