Regarding testing performed: does deployment still succeed on OCP <=4.11 and/or k8s <= 1.24?
I mean without overriding POD_SECURITY_POLICIES to true.

Images are ready for the commit at 1f650c8.

To use with deploy scripts, first export MAIN_IMAGE_TAG=3.74.x-74-g1f650c83cb.

I have also tested this on Colima running Kubernetes 1.23.16 as well as an OS 4.11 cluster.
In both cases, I did not set the env var explicitly, but made sure it is set to false in CLI output.
ACS deployed successfully including Monitoring, the Grafana dashboards populated and ACS was confirmed running as expected.

Ignoring failing openshift-oldest tests as they seem to be broken right now.
Connor is investigating.

@Maddosaurus: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Full PR test history. Your PR dashboard.

How does this work in relation to @johannes94 change:

@gavin-stackrox These changes are definitely related.
I am not familiar enough with our test setup to make final statements, but from what I understand, Johannes changes focus on the test setup, correct?
We would still run into problems when a human wants to use our deploy scripts for k8s or OpenShift.

IIUC, Johannes changes are needed to fix the CI tests, so we don't need to cherry pick this PR (4813) to fix them.
Do you agree?

@Maddosaurus
Johannes change tries to auto-sense PSP support, but does that in CI scripting. Your change hardcodes the choice (in a way that should not interfere with CI scripting) for local usage.
The problem is that we don't need that many ways of doing the same thing.

PSPs support can be autosensed in the deployment scripts which should apply to CI automatically, and then no need to hardcode the choice anywhere. How? One option is to simply check exit code from kubectl get podsecuritypolicy.policy > /dev/null 2>&1 command in deploy/common/k8sbased.sh.

Definitely don't check k8s version like if (( "$majorVersion" >= 1 && "$minorVersion" >= 25 )) - this won't work when k8s 2.0.0 sees the light.

Definitely don't check k8s version like if (( "$majorVersion" >= 1 && "$minorVersion" >= 25 )) - this won't work when k8s 2.0.0 sees the light.

You're right this is a terrible mistake, we should fix it ASAP. The idea with testing the exit code doesn't sound very reliable to me, because the exit code if an api type is not found is 1 which could have a lot of different reasons.

Just for context, I did not want to set the default for POD_SECURITY_POLICIES to false because I was not sure if that would disable tests for older k8s version that we want to be executed. Also the place where the setup_podsecuritypolicies_config function is used was my best guess without ever looking at our CI scripts before. So if there is a better place to call it like deploy/common/k8sbased.sh feel free to move it.