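{{- /*
PodSecurityPolicy for kube-state-metrics, rendered only when
.Values.podSecurityPolicy.enabled is set.

Listing origin:
github.com/microsoft/fabrikate@v1.0.0-alpha.1.0.20210115014322-dc09194d0885/testdata/local-charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml

policy/v1beta1 PodSecurityPolicy was deprecated in Kubernetes v1.21 and removed
in v1.25. On newer clusters this template cannot be applied, and equivalent
restrictions have to come from Pod Security Admission or a policy engine.

Seccomp and AppArmor constraints for a PSP are expressed as annotations, so
they apply here only if supplied through .Values.podSecurityPolicy.annotations.

Templated scalars are quoted so that a numeric-looking or boolean-looking
release or chart name still renders as a string.
*/ -}}
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: "{{ template "kube-state-metrics.fullname" . }}"
  labels:
    app.kubernetes.io/name: "{{ template "kube-state-metrics.name" . }}"
    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    app.kubernetes.io/managed-by: "{{ .Release.Service }}"
    app.kubernetes.io/instance: "{{ .Release.Name }}"
{{- if .Values.podSecurityPolicy.annotations }}
  annotations:
{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
  # Deny privileged containers.
  privileged: false
  # Without this field a PSP permits privilege escalation by default, which
  # lets setuid binaries or file capabilities undercut MustRunAsNonRoot.
  allowPrivilegeEscalation: false
  # Drop every Linux capability from admitted containers.
  # NOTE(review): assumes kube-state-metrics needs no capabilities (for
  # example, that it binds an unprivileged port) - confirm against the
  # chart's Deployment.
  requiredDropCapabilities:
    - ALL
  # Allow-list of volume types. Types added through values widen the policy;
  # review each addition (hostPath in particular exposes the node filesystem).
  volumes:
    - 'secret'
{{- if .Values.podSecurityPolicy.additionalVolumes }}
{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }}
{{- end }}
  # No access to the node's network, IPC or PID namespaces.
  hostNetwork: false
  hostIPC: false
  hostPID: false
  runAsUser:
    # Reject pods whose containers would run as UID 0.
    rule: 'MustRunAsNonRoot'
  seLinux:
    # This policy imposes no SELinux constraint.
    rule: 'RunAsAny'
  supplementalGroups:
    rule: 'MustRunAs'
    ranges:
      # Forbid adding the root group.
      - min: 1
        max: 65535
  fsGroup:
    rule: 'MustRunAs'
    ranges:
      # Forbid adding the root group.
      - min: 1
        max: 65535
  # NOTE(review): left permissive as in the original. Setting this to true
  # forces a read-only root filesystem on every pod admitted under the
  # policy - confirm the workload writes nothing there before tightening.
  readOnlyRootFilesystem: false
{{- end }}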