diff --git a/charts/ingress-nginx/templates/default-backend-role.yaml b/charts/ingress-nginx/templates/default-backend-role.yaml index b8017469b..376a16e3a 100644 --- a/charts/ingress-nginx/templates/default-backend-role.yaml +++ b/charts/ingress-nginx/templates/default-backend-role.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.rbac.create (or .Values.podSecurityPolicy.enabled .Values.securityContextConstraints.enabled) .Values.defaultBackend.enabled -}} +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -11,24 +11,9 @@ metadata: name: {{ include "ingress-nginx.fullname" . }}-backend namespace: {{ include "ingress-nginx.namespace" . }} rules: -{{- if .Values.securityContextConstraints.enabled }} - - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] - resources: ['podsecuritypolicies'] - verbs: ['use'] - {{- with .Values.defaultBackend.existingPsp }} - resourceNames: [{{ . }}] - {{- else }} - resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend] - {{- end }} -{{- end }} -{{- if .Values.securityContextConstraints.enabled }} - apiGroups: ['security.openshift.io'] resources: ['securitycontextconstraints'] verbs: ['use'] - {{- with .Values.defaultBackend.existingScc }} - resourceNames: [{{ . }}] - {{- else }} resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend] - {{- end }} -{{- end }} + {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-scc.yaml b/charts/ingress-nginx/templates/default-backend-scc.yaml index dd9c6cc66..74b4af154 100644 --- a/charts/ingress-nginx/templates/default-backend-scc.yaml +++ b/charts/ingress-nginx/templates/default-backend-scc.yaml @@ -1,5 +1,5 @@ -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints metadata: name: {{ include "ingress-nginx.fullname" . }}-backend labels: