github.com/microsoft/fabrikate@v1.0.0-alpha.1.0.20210115014322-dc09194d0885/testdata/local-charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml (about)

     1  {{- if .Values.podSecurityPolicy.enabled }}
        # PodSecurityPolicy for kube-state-metrics; rendered only when
        # podSecurityPolicy.enabled is set in the chart values.
        # NOTE(review): PodSecurityPolicy (policy/v1beta1) was deprecated in
        # Kubernetes v1.21 and removed in v1.25, so only older API servers accept
        # this manifest. The RBAC rule that grants `use` on this policy is not
        # part of this file; without it the policy constrains nothing.
     2  apiVersion: policy/v1beta1
     3  kind: PodSecurityPolicy
     4  metadata:
     5    name: {{ template "kube-state-metrics.fullname" . }}
     6    labels:
     7      app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
     8      helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
     9      app.kubernetes.io/managed-by: {{ .Release.Service }}
    10      app.kubernetes.io/instance: {{ .Release.Name }}
    11  {{- if .Values.podSecurityPolicy.annotations }}
          # Annotations are copied verbatim from chart values; this template
          # hard-codes none (for example, no seccomp or AppArmor profile
          # annotations), so any such restriction must come from values.
    12    annotations:
    13  {{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
    14  {{- end }}
    15  spec:
          # Privileged containers are rejected.
    16    privileged: false
          # Only 'secret' volumes are allowed by default. Entries in
          # podSecurityPolicy.additionalVolumes are appended to this allow-list.
          # NOTE(review): each added type widens what pods may mount (hostPath
          # would expose the node filesystem), so review value overrides.
    17    volumes:
    18      - 'secret'
    19  {{- if .Values.podSecurityPolicy.additionalVolumes }}
    20  {{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }}
    21  {{- end }}
          # Host network, IPC and PID namespaces are all denied.
    22    hostNetwork: false
    23    hostIPC: false
    24    hostPID: false
          # Containers must run with a non-zero UID.
    25    runAsUser:
    26      rule: 'MustRunAsNonRoot'
          # No SELinux context is enforced by this policy.
    27    seLinux:
    28      rule: 'RunAsAny'
          # Supplemental groups and fsGroup are limited to GIDs 1-65535.
    29    supplementalGroups:
    30      rule: 'MustRunAs'
    31      ranges:
    32        # Forbid adding the root group.
    33        - min: 1
    34          max: 65535
    35    fsGroup:
    36      rule: 'MustRunAs'
    37      ranges:
    38        # Forbid adding the root group.
    39        - min: 1
    40          max: 65535
          # A writable root filesystem is permitted.
          # NOTE(review): allowPrivilegeEscalation and requiredDropCapabilities
          # are not set in this spec. A PodSecurityPolicy permits privilege
          # escalation unless allowPrivilegeEscalation is false, and nothing
          # here forces capabilities to be dropped; consider setting both.
    41    readOnlyRootFilesystem: false
    42  {{- end }}