# Source: github.com/Azure/aad-pod-identity@v1.8.17/examples/psp-podidentity.yaml
#
# Three objects, applied together:
#   1. PodSecurityPolicy "allow-hostnetwork": admits pods that use the host
#      network, NET_ADMIN, privileged mode and two specific hostPath prefixes.
#   2. Role "psp:allow-hostnetwork" (namespace default): grants `use` on that
#      policy.
#   3. RoleBinding "default:allow-hostnetwork" (namespace default): hands the
#      Role to the groups system:authenticated and system:nodes.
#
# PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25, so
# this manifest only applies to clusters older than that.
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: allow-hostnetwork
spec:
  # `privileged: true` permits (does not require) privileged containers.
  # A privileged container is not confined by allowedCapabilities, so the
  # NET_ADMIN allow-list below only constrains non-privileged pods.
  # NOTE(review): confirm the workload really needs privileged mode rather
  # than hostNetwork + NET_ADMIN alone.
  privileged: true
  # Pods may share the node's network namespace.
  hostNetwork: true
  allowedCapabilities:
    - NET_ADMIN
  # Only hostPath and secret volumes are admitted; every other volume type
  # is rejected for pods validated against this policy.
  volumes:
    - hostPath
    - secret
  # hostPath mounts are restricted to these two prefixes. Neither entry sets
  # `readOnly: true`, so the policy admits writable mounts of both.
  # NOTE(review): /etc/kubernetes/azure.json is normally the Azure
  # cloud-provider config and can hold a service-principal secret; consider
  # `readOnly: true` on that entry if consumers only read it (confirm against
  # the pod specs first).
  allowedHostPaths:
    - pathPrefix: /etc/kubernetes/azure.json
    - pathPrefix: /run/xtables.lock
  # No constraint on SELinux context, UID, fsGroup or supplemental groups:
  # pods admitted by this policy may run as root.
  seLinux:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: 'psp:allow-hostnetwork'
  namespace: default
rules:
  # Grants the `use` verb on exactly one policy, by name.
  # NOTE(review): the policy above is declared under policy/v1beta1 while
  # this rule names the `extensions` API group; verify that the target
  # cluster version still authorizes PSP `use` through that group.
  - apiGroups:
      - extensions
    resources:
      - podsecuritypolicies
    resourceNames:
      - allow-hostnetwork
    verbs:
      - use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: 'default:allow-hostnetwork'
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: 'psp:allow-hostnetwork'
# The Role is bound to every authenticated identity (service accounts are
# members of system:authenticated) and to all nodes, so any pod created in
# the `default` namespace can be admitted under the permissive policy above.
# For anything beyond a demo, bind the Role only to the service account(s)
# of the workload that needs host networking, e.g. a ServiceAccount subject
# named <SERVICE_ACCOUNT_NAME> (placeholder) instead of these groups.
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: 'system:authenticated'
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: 'system:nodes'