chart: ingress-nginx update version
diff --git a/charts/ingress-nginx/templates/controller-psp.yaml b/charts/ingress-nginx/templates/controller-psp.yaml
index bdb8563..3c499b9 100644
--- a/charts/ingress-nginx/templates/controller-psp.yaml
+++ b/charts/ingress-nginx/templates/controller-psp.yaml
@@ -1,3 +1,4 @@
+{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }}
{{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
@@ -6,9 +7,15 @@
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
allowedCapabilities:
- NET_BIND_SERVICE
+ {{- if .Values.controller.image.chroot }}
+ - SYS_CHROOT
+ {{- end }}
{{- if .Values.controller.sysctls }}
allowedUnsafeSysctls:
{{- range $sysctl, $value := .Values.controller.sysctls }}
@@ -21,9 +28,9 @@
volumes:
- 'configMap'
- 'emptyDir'
- #- 'projected'
+ - 'projected'
- 'secret'
- #- 'downwardAPI'
+ - 'downwardAPI'
{{- if .Values.controller.hostNetwork }}
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- end }}
@@ -84,3 +91,4 @@
seLinux:
rule: 'RunAsAny'
{{- end }}
+{{- end }}