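{{- /*
templates/pushgateway/psp.yaml

PodSecurityPolicy for the Prometheus pushgateway pods. It is rendered only
when pushgateway.enabled, rbac.create and podSecurityPolicy.enabled are all
set. PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25,
so clusters at or above 1.25 will not accept this object.
*/ -}}
{{- if and .Values.pushgateway.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }}
apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
kind: PodSecurityPolicy
metadata:
  name: {{ template "prometheus.pushgateway.fullname" . }}
  labels:
    {{- include "prometheus.pushgateway.labels" . | nindent 4 }}
  {{- /* Emit the key only when annotations are configured; a bare key renders as null. */}}
  {{- with .Values.pushgateway.podSecurityPolicy.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  # No privileged containers, no privilege gain via setuid or file
  # capabilities, and every Linux capability must be dropped.
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities:
    - ALL
  # Only these volume types are admitted. hostPath is not in the list, so
  # pods under this policy cannot mount node paths.
  volumes:
    - 'persistentVolumeClaim'
    - 'secret'
  # allowedHostPaths only constrains hostPath volumes, which the volumes list
  # above does not admit, so this entry has no effect as written.
  # NOTE(review): the prefix is taken from persistentVolume.mountPath, which
  # by its name is the in-container mount point rather than a node path.
  # Confirm the intent before anyone adds hostPath to the volumes list.
  # The value is quoted so an empty or special-character path stays a string.
  allowedHostPaths:
    - pathPrefix: {{ .Values.pushgateway.persistentVolume.mountPath | quote }}
  # No access to the node's network, PID or IPC namespaces.
  hostNetwork: false
  hostPID: false
  hostIPC: false
  # NOTE(review): RunAsAny admits UID 0. The group ranges below exclude the
  # root group, but the user is unconstrained. If the pushgateway image runs
  # as a non-root user, 'MustRunAsNonRoot' would close that gap. Verify
  # against the pod's securityContext first.
  runAsUser:
    rule: 'RunAsAny'
  # No constraint on the SELinux context.
  seLinux:
    rule: 'RunAsAny'
  supplementalGroups:
    rule: 'MustRunAs'
    ranges:
      # Forbid adding the root group.
      - min: 1
        max: 65535
  fsGroup:
    rule: 'MustRunAs'
    ranges:
      # Forbid adding the root group.
      - min: 1
        max: 65535
  # The container root filesystem is mounted read-only; writes must go to a
  # mounted volume.
  readOnlyRootFilesystem: true
{{- end }}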