Merge "Update application namespaces PSA labels"

controllerconfig/controllerconfig/upgrade-scripts/68-pod-security-admission-controller-labels.py

@@ -53,12 +53,10 @@ def add_pod_security_admission_controller_labels():
         # we add pod security admission controller labels to namespaces that
         # we create
         namespace = line.replace("namespace/", "")
-        if namespace not in common.PRIVILEGED_NS \
-           and namespace not in common.BASELINE_NS:
+        if namespace not in common.PRIVILEGED_NS:
             continue
 
-        security_version = 'v1.23'
-        security_level = 'baseline'
+        security_version = 'latest'
         if namespace in common.PRIVILEGED_NS:
             security_level = 'privileged'
 

sysinv/sysinv/sysinv/sysinv/helm/common.py

@@ -42,11 +42,11 @@ HELM_NS_DEPLOYMENT = 'deployment'
 HELM_NS_ARMADA = 'armada'
 
 # namespace groups for pod security admission controller
-PRIVILEGED_NS = [HELM_NS_KUBE_SYSTEM, HELM_NS_NOTIFICATION]
-BASELINE_NS = [HELM_NS_CEPH, HELM_NS_NFS, HELM_NS_OPENSTACK, HELM_NS_HELM_TOOLKIT,
+PRIVILEGED_NS = [HELM_NS_CEPH, HELM_NS_NFS, HELM_NS_OPENSTACK, HELM_NS_HELM_TOOLKIT,
                HELM_NS_MONITOR, HELM_NS_RBD_PROVISIONER, HELM_NS_STORAGE_PROVISIONER,
-               HELM_NS_CERT_MANAGER, HELM_NS_VAULT, HELM_NS_DEPLOYMENT, HELM_NS_ARMADA]
-POD_SECURITY_VERSION = 'v1.23'
+               HELM_NS_CERT_MANAGER, HELM_NS_VAULT, HELM_NS_DEPLOYMENT, HELM_NS_ARMADA,
+               HELM_NS_KUBE_SYSTEM, HELM_NS_NOTIFICATION]
+POD_SECURITY_VERSION = 'latest'
 
 # Services
 # Matches configassistant.py value => Should change to STARLINGX

sysinv/sysinv/sysinv/sysinv/helm/lifecycle_utils.py

@@ -219,9 +219,7 @@ def add_pod_security_admission_controller_labels(app_op, app, hook_info):
 
     for ns in namespaces:
 
-        security_level = 'baseline'
-        if ns in common.PRIVILEGED_NS:
-            security_level = 'privileged'
+        security_level = 'privileged'
 
         body = {
             "metadata": {