github.com/replicatedhq/ship@v0.55.0/integration/init/grafana-with-values/expected/.ship/upstream/templates/podsecuritypolicy.yaml (about) 1 {{- if .Values.rbac.pspEnabled }} 2 apiVersion: extensions/v1beta1 3 kind: PodSecurityPolicy 4 metadata: 5 name: {{ template "grafana.fullname" . }} 6 labels: 7 app: {{ template "grafana.name" . }} 8 chart: {{ .Chart.Name }}-{{ .Chart.Version }} 9 heritage: {{ .Release.Service }} 10 release: {{ .Release.Name }} 11 annotations: 12 seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' 13 apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' 14 seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' 15 apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' 16 spec: 17 privileged: false 18 allowPrivilegeEscalation: false 19 requiredDropCapabilities: 20 - ALL 21 volumes: 22 - 'configMap' 23 - 'emptyDir' 24 - 'projected' 25 - 'secret' 26 - 'downwardAPI' 27 - 'persistentVolumeClaim' 28 hostNetwork: false 29 hostIPC: false 30 hostPID: false 31 runAsUser: 32 rule: 'RunAsAny' 33 seLinux: 34 rule: 'RunAsAny' 35 supplementalGroups: 36 rule: 'RunAsAny' 37 fsGroup: 38 rule: 'RunAsAny' 39 readOnlyRootFilesystem: false 40 {{- end }}