github.com/replicatedhq/ship@v0.55.0/integration/update/namespace/expected/.ship/upstream/templates/podsecuritypolicy.yaml

github.com/replicatedhq/ship@v0.55.0/integration/update/namespace/expected/.ship/upstream/templates/podsecuritypolicy.yaml (about)

     1  {{- if .Values.rbac.pspEnabled }}
     2  apiVersion: extensions/v1beta1
     3  kind: PodSecurityPolicy
     4  metadata:
     5    name: {{ template "grafana.fullname" . }}
     6    labels:
     7      app: {{ template "grafana.name" . }}
     8      chart: {{ .Chart.Name }}-{{ .Chart.Version }}
     9      heritage: {{ .Release.Service }}
    10      release: {{ .Release.Name }}
    11    annotations:
    12      seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
    13      apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
    14      seccomp.security.alpha.kubernetes.io/defaultProfileName:  'docker/default'
    15      apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
    16  spec:
    17    privileged: false
    18    allowPrivilegeEscalation: false
    19    requiredDropCapabilities:
    20      - ALL
    21    volumes:
    22      - 'configMap'
    23      - 'emptyDir'
    24      - 'projected'
    25      - 'secret'
    26      - 'downwardAPI'
    27      - 'persistentVolumeClaim'
    28    hostNetwork: false
    29    hostIPC: false
    30    hostPID: false
    31    runAsUser:
    32      rule: 'RunAsAny'
    33    seLinux:
    34      rule: 'RunAsAny'
    35    supplementalGroups:
    36      rule: 'RunAsAny'
    37    fsGroup:
    38      rule: 'RunAsAny'
    39    readOnlyRootFilesystem: false
    40  {{- end }}