Remove PodSecurityPolicy support and references (#10723)

This is removed from kubernetes since 1.25, time to cut some dead code.

roles/kubernetes-apps/ansible/defaults/main.yml

@@ -81,7 +81,7 @@ netchecker_etcd_memory_limit: 256M
 netchecker_etcd_cpu_requests: 100m
 netchecker_etcd_memory_requests: 128M
 
-# SecurityContext when PodSecurityPolicy is enabled
+# SecurityContext (user/group)
 netchecker_agent_user: 1000
 netchecker_server_user: 1000
 netchecker_agent_group: 1000

roles/kubernetes-apps/ansible/tasks/netchecker.yml

@@ -24,15 +24,6 @@
       - {file: netchecker-server-clusterrolebinding.yml, type: clusterrolebinding, name: netchecker-server}
       - {file: netchecker-server-deployment.yml, type: deployment, name: netchecker-server}
       - {file: netchecker-server-svc.yml, type: svc, name: netchecker-service}
-    netchecker_templates_for_psp:
-      - {file: netchecker-agent-hostnet-psp.yml, type: podsecuritypolicy, name: netchecker-agent-hostnet-policy}
-      - {file: netchecker-agent-hostnet-clusterrole.yml, type: clusterrole, name: netchecker-agent}
-      - {file: netchecker-agent-hostnet-clusterrolebinding.yml, type: clusterrolebinding, name: netchecker-agent}
-
-- name: Kubernetes Apps | Append extra templates to Netchecker Templates list for PodSecurityPolicy
-  set_fact:
-    netchecker_templates: "{{ netchecker_templates_for_psp + netchecker_templates }}"
-  when: podsecuritypolicy_enabled
 
 - name: Kubernetes Apps | Lay Down Netchecker Template
   template:

roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-clusterrole.yml.j2

@@ -1,14 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: psp:netchecker-agent-hostnet
-  namespace: {{ netcheck_namespace }}
-rules:
-  - apiGroups:
-    - policy
-    resourceNames:
-    - netchecker-agent-hostnet
-    resources:
-    - podsecuritypolicies
-    verbs:
-    - use

roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-clusterrolebinding.yml.j2

@@ -1,13 +0,0 @@
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: psp:netchecker-agent-hostnet
-  namespace: {{ netcheck_namespace }}
-subjects:
-  - kind: ServiceAccount
-    name: netchecker-agent
-    namespace: {{ netcheck_namespace }}
-roleRef:
-  kind: ClusterRole
-  name: psp:netchecker-agent-hostnet
-  apiGroup: rbac.authorization.k8s.io

roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-psp.yml.j2

@@ -1,44 +0,0 @@
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: netchecker-agent-hostnet
-  annotations:
-    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'runtime/default'
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'
-{% if apparmor_enabled %}
-    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
-    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
-{% endif %}
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-spec:
-  privileged: false
-  allowPrivilegeEscalation: false
-  requiredDropCapabilities:
-    - ALL
-  volumes:
-    - 'configMap'
-    - 'emptyDir'
-    - 'projected'
-    - 'secret'
-    - 'downwardAPI'
-    - 'persistentVolumeClaim'
-  hostNetwork: true
-  hostIPC: false
-  hostPID: false
-  runAsUser:
-    rule: 'MustRunAsNonRoot'
-  seLinux:
-    rule: 'RunAsAny'
-  supplementalGroups:
-    rule: 'MustRunAs'
-    ranges:
-      - min: 1
-        max: 65535
-  fsGroup:
-    rule: 'MustRunAs'
-    ranges:
-      - min: 1
-        max: 65535
-  readOnlyRootFilesystem: false