podSecurityAdmission Template

[orenr2301]

@ckotzbauer

Following that issue: #39

I would like to suggest to add another template for securityPodAdmission
Since Kubernetes moved from PSP to PSA at version 1.25.1 and above, I believe addressing this to those who have clusters with higher versions and not a legacy version

I facing the same issue as mentioned issue here, and I also noticed it is still hard-coded at the template/chart level
at the latest version 5.3.1

Since it's related to the privilege escalation matter I would suggest making a dependency

podSecurityAdmission create: true hostPID: false hostIPC: false

{{- if 
.Values.podSecurityAdmission.create - here to handled
}}
apiVersion: {{ template 
"kured.psp.apiVersion"
 . }}
3
kind: PodSecurityAdmission - also changing kind 
4
metadata:
5
  name: {{ template 
"kured.fullname"
 . }}
6
  labels:
7
    {{- include 
"kured.labels"
 . | 

nindent
 4 }}
8
spec:
9
  privileged: true - need to be templated
10
  hostPID: true - need to be templated 
11
  allowedCapabilities: ['*'] - also to be templated 
12
  fsGroup:
13
    rule: RunAsAny
14
  runAsUser:
15
    rule: RunAsAny
16
  seLinux:
17
    rule: RunAsAny
18
  supplementalGroups:
19
    rule: RunAsAny
20
  volumes: ['*']
21
{{- end }}

As currently im having a 1.26.3 cluster version and has to make a manual change :(

If further details is needed from me than let me know

Regards,
orenr2301

[evrardjp]

@orenr2301 are you willing to propose a patch?

[evrardjp]

Is this linked to #48