From a962fa23571535e986c8d482fd868c21a352fa00 Mon Sep 17 00:00:00 2001
From: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>
Date: Tue, 13 Jun 2023 02:55:57 +0200
Subject: [PATCH] [podSecurityConfiguration]: fix apiVersion and change default
 policy versions (#10210)

Signed-off-by: Ugur <ugurozturk918@gmail.com>
---
 roles/kubernetes/control-plane/defaults/main/main.yml       | 6 +++---
 .../kubernetes/control-plane/templates/podsecurity.yaml.j2  | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/kubernetes/control-plane/defaults/main/main.yml b/roles/kubernetes/control-plane/defaults/main/main.yml
index a97f2f965..c25fbc10d 100644
--- a/roles/kubernetes/control-plane/defaults/main/main.yml
+++ b/roles/kubernetes/control-plane/defaults/main/main.yml
@@ -106,11 +106,11 @@ kube_apiserver_admission_event_rate_limits: {}
 
 kube_pod_security_use_default: false
 kube_pod_security_default_enforce: baseline
-kube_pod_security_default_enforce_version: latest
+kube_pod_security_default_enforce_version: "{{ kube_major_version }}"
 kube_pod_security_default_audit: restricted
-kube_pod_security_default_audit_version: latest
+kube_pod_security_default_audit_version: "{{ kube_major_version }}"
 kube_pod_security_default_warn: restricted
-kube_pod_security_default_warn_version: latest
+kube_pod_security_default_warn_version: "{{ kube_major_version }}"
 kube_pod_security_exemptions_usernames: []
 kube_pod_security_exemptions_runtime_class_names: []
 kube_pod_security_exemptions_namespaces:
diff --git a/roles/kubernetes/control-plane/templates/podsecurity.yaml.j2 b/roles/kubernetes/control-plane/templates/podsecurity.yaml.j2
index 5d39576ff..0a650fa10 100644
--- a/roles/kubernetes/control-plane/templates/podsecurity.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/podsecurity.yaml.j2
@@ -1,5 +1,5 @@
 {% if kube_pod_security_use_default %}
-apiVersion: pod-security.admission.config.k8s.io/v1beta1
+apiVersion: pod-security.admission.config.k8s.io/v1
 kind: PodSecurityConfiguration
 defaults:
   enforce: "{{ kube_pod_security_default_enforce }}"
-- 
GitLab