github.com/Azure/aad-pod-identity@v1.8.17/charts/aad-pod-identity/templates/nmi-podsecuritypolicy.yaml (about)

     1  {{- if .Values.rbac.pspEnabled }}
        # PodSecurityPolicy for the chart's NMI pods. The whole document is
        # rendered only when .Values.rbac.pspEnabled is truthy.
        #
        # A PSP constrains a pod only if the pod's creator or service account is
        # authorized for the "use" verb on it. That binding is not in this file;
        # NOTE(review): confirm it is granted to the NMI service account only,
        # because the policy below is broad (host network, NET_ADMIN, hostPath,
        # root).
        #
        # policy/v1beta1 PodSecurityPolicy was deprecated in Kubernetes 1.21 and
        # removed in 1.25. On clusters without the API this template has to stay
        # disabled and the same limits enforced by Pod Security admission or a
        # policy engine.
     2  apiVersion: policy/v1beta1
     3  kind: PodSecurityPolicy
     4  metadata:
          # Name and labels come from chart helper templates defined elsewhere.
     5    name: {{ template "aad-pod-identity-psp.nmi.fullname" . }}
     6    labels:
     7    {{- include "aad-pod-identity.labels" . | nindent 4 }}
     8  spec:
          # Pods may join the node's network namespace. Every capability allowed
          # below therefore acts on the host network stack, not a pod-private one.
     9    hostNetwork: true
          # Privileged containers are rejected, and processes may not gain more
          # privileges than their parent.
    10    privileged: false
    11    allowPrivilegeEscalation: false
          # fsGroup and supplemental groups must fall in 1-65535, which excludes
          # GID 0 (the root group).
    12    fsGroup:
    13      ranges:
    14        - max: 65535
    15          min: 1
    16      rule: MustRunAs
    17    supplementalGroups:
    18      ranges:
    19        - max: 65535
    20          min: 1
    21      rule: MustRunAs
          # Containers must drop every capability ...
    22    requiredDropCapabilities:
    23      - ALL
          # ... and may add back only these three:
          #   NET_ADMIN       - network administration (interfaces, firewall rules)
          #   DAC_READ_SEARCH - bypass file read and directory search permission checks
          #   NET_RAW         - raw and packet sockets
          # NOTE(review): presumably needed for NMI's traffic interception on the
          # node; confirm each one against the NMI DaemonSet before keeping it.
    24    allowedCapabilities:
    25      - NET_ADMIN
    26      - DAC_READ_SEARCH
    27      - NET_RAW
          # Only hostPath and secret volumes are permitted. No allowedHostPaths
          # list is set, so the policy does not restrict which host directories a
          # pod may mount, nor force them read-only.
          # NOTE(review): add allowedHostPaths entries (pathPrefix, readOnly)
          # limited to the paths the NMI DaemonSet actually mounts.
    28    volumes:
    29      - hostPath
    30      - secret
          # Any UID is accepted, including 0 (root). readOnlyRootFilesystem is not
          # set in this policy.
    31    runAsUser:
    32      rule: RunAsAny
          # No constraint on the SELinux context.
    33    seLinux:
    34      rule: RunAsAny
    35    {{- end }}