github.com/Azure/aad-pod-identity@v1.8.17/charts/aad-pod-identity/templates/mic-podsecuritypolicy.yaml

github.com/Azure/aad-pod-identity@v1.8.17/charts/aad-pod-identity/templates/mic-podsecuritypolicy.yaml (about)

     1  {{- if .Values.rbac.pspEnabled }}
     2  apiVersion: policy/v1beta1
     3  kind: PodSecurityPolicy
     4  metadata:
     5    name: {{ template "aad-pod-identity-psp.mic.fullname" . }}
     6    labels:
     7    {{- include "aad-pod-identity.labels" . | nindent 4 }}
     8  spec:
     9    privileged: false
    10    allowPrivilegeEscalation: false
    11    fsGroup:
    12      ranges:
    13        - max: 65535
    14          min: 1
    15      rule: MustRunAs
    16    supplementalGroups:
    17      ranges:
    18        - max: 65535
    19          min: 1
    20      rule: MustRunAs
    21    requiredDropCapabilities:
    22      - ALL
    23    volumes:
    24      - hostPath
    25      - secret
    26    runAsUser:
    27      rule: RunAsAny
    28    seLinux:
    29      rule: RunAsAny
    30    {{- end }}