Remove PodSecurityPolicy support and references (#10723)

This is removed from kubernetes since 1.25, time to cut some dead code.
2026-02-28 09:39:12 +03:00 · 2023-12-18 14:13:43 +01:00
parent 7395c27932
commit 471326f458
32 changed files with 4 additions and 619 deletions
--- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
@@ -232,12 +232,6 @@
  tags:
    - kubeadm_token

- name: PodSecurityPolicy | install PodSecurityPolicy
-  include_tasks: psp-install.yml
-  when:
-    - podsecuritypolicy_enabled
-    - inventory_hostname == first_kube_control_plane
-
 - name: Kubeadm | Join other masters
  include_tasks: kubeadm-secondary.yml

--- a/roles/kubernetes/control-plane/tasks/main.yml
+++ b/roles/kubernetes/control-plane/tasks/main.yml
@@ -80,11 +80,6 @@
    - upgrade
  ignore_errors: true  # noqa ignore-errors

- name: Disable SecurityContextDeny admission-controller and enable PodSecurityPolicy
-  set_fact:
-    kube_apiserver_enable_admission_plugins: "{{ kube_apiserver_enable_admission_plugins | difference(['SecurityContextDeny']) | union(['PodSecurityPolicy']) | unique }}"
-  when: podsecuritypolicy_enabled
-
 - name: Define nodes already joined to existing cluster and first_kube_control_plane
  import_tasks: define-first-kube-control.yml

--- a/roles/kubernetes/control-plane/tasks/psp-install.yml
+++ b/roles/kubernetes/control-plane/tasks/psp-install.yml
@@ -1,38 +0,0 @@
---
- name: Check AppArmor status
-  command: which apparmor_parser
-  register: apparmor_status
-  failed_when: false
-  changed_when: apparmor_status.rc != 0
-
- name: Set apparmor_enabled
-  set_fact:
-    apparmor_enabled: "{{ apparmor_status.rc == 0 }}"
-
- name: Render templates for PodSecurityPolicy
-  template:
-    src: "{{ item.file }}.j2"
-    dest: "{{ kube_config_dir }}/{{ item.file }}"
-    mode: 0640
-  register: psp_manifests
-  with_items:
-    - {file: psp.yml, type: psp, name: psp}
-    - {file: psp-cr.yml, type: clusterrole, name: psp-cr}
-    - {file: psp-crb.yml, type: rolebinding, name: psp-crb}
-
- name: Add policies, roles, bindings for PodSecurityPolicy
-  kube:
-    name: "{{ item.item.name }}"
-    kubectl: "{{ bin_dir }}/kubectl"
-    resource: "{{ item.item.type }}"
-    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
-    state: "latest"
-  register: result
-  until: result is succeeded
-  retries: 10
-  delay: 6
-  with_items: "{{ psp_manifests.results }}"
-  environment:
-    KUBECONFIG: "{{ kube_config_dir }}/admin.conf"
-  loop_control:
-    label: "{{ item.item.file }}"