add IKS1.25 Support to the HLFSupport (#639)

Signed-off-by: Matthew B White <whitemat@uk.ibm.com>

roles/hlfsupport_console/tasks/k8s/create.yml

@@ -17,17 +17,15 @@
 - name: Create namespace
   kubernetes.core.k8s:
     state: present
-    api_version: v1
-    kind: Namespace
-    name: "{{ namespace }}"
+    definition:
+      api_version: v1
+      kind: Namespace
+      metadata:
+        name: "{{ namespace }}"
+        labels:
+          'pod-security.kubernetes.io/enforce': baseline
   when: not namespace_info.resources
 
-- name: Create pod security policy
-  kubernetes.core.k8s:
-    state: present
-    namespace: "{{ namespace }}"
-    resource_definition: "{{ lookup('template', 'k8s/pod_security_policy.yml.j2') }}"
-
 - name: Create cluster role
   kubernetes.core.k8s:
     state: present

roles/hlfsupport_console/tasks/k8s/delete.yml

@@ -76,12 +76,3 @@
     kind: ClusterRole
     name: "{{ cluster_role }}"
   when: namespace_info.resources
-
-- name: Delete pod security policy
-  kubernetes.core.k8s:
-    state: absent
-    namespace: "{{ namespace }}"
-    api_version: policy/v1beta1
-    kind: PodSecurityPolicy
-    name: "{{ pod_security_policy }}"
-  when: namespace_info.resources

roles/hlfsupport_console/templates/k8s/cluster_role.yml.j2

@@ -13,14 +13,6 @@ metadata:
     app.kubernetes.io/instance: "ibm-hlfsupport"
     app.kubernetes.io/managed-by: "ibm-hlfsupport-operator"
 rules:
-- apiGroups:
-  - extensions
-  resourceNames:
-  - "{{ pod_security_policy }}"
-  resources:
-  - podsecuritypolicies
-  verbs:
-  - use
 - apiGroups:
   - apiextensions.k8s.io
   resources:

roles/hlfsupport_console/templates/k8s/console.yml.j2

@@ -18,6 +18,18 @@ spec:
   registryURL: "{{ image_registry_url }}"
   imagePullSecrets:
   - "{{ image_pull_secret }}"
+  usetags: true
+  images:
+    deployerImage: "{{deployer_image}}"
+    deployerTag: "{{deployer_image_label}}"
+    consoleInitImage: "{{init_image}}"
+    consoleInitTag: "{{init_image_label}}"
+    consoleImage: "{{console_image}}"
+    consoleTag: "{{console_image_label}}"
+    configtxlatorImage: "{{tools_image}}"
+    configtxlatorTag: "{{tools_image_label}}"
+    couchdbImage: "{{couchdb_image}}"
+    couchdbTag: "{{couchdb_image_label}}"
   networkinfo:
     domain: "{{ console_domain }}"
   storage:

roles/hlfsupport_crds/tasks/k8s/create.yml

@@ -17,9 +17,13 @@
 - name: Create namespace
   kubernetes.core.k8s:
     state: present
-    api_version: v1
-    kind: Namespace
-    name: "{{ namespace }}"
+    definition:
+      api_version: v1
+      kind: Namespace
+      metadata:
+        name: "{{ namespace }}"
+        labels:
+          'pod-security.kubernetes.io/enforce': baseline
   when: not namespace_info.resources
 
 - name: Create image secret

roles/hlfsupport_crds/tasks/openshift/create.yml

@@ -17,9 +17,13 @@
 - name: Create project
   kubernetes.core.k8s:
     state: present
-    api_version: project.openshift.io/v1
-    kind: ProjectRequest
-    name: "{{ project }}"
+    definition:
+      api_version: project.openshift.io/v1
+      kind: ProjectRequest
+      metadata:
+        name: "{{ project }}"
+        labels:
+          'pod-security.kubernetes.io/enforce': baseline
   when: not project_info.resources
 
 - name: Create security context constraints