github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/ingress-nginx/templates/default-backend-psp.yaml (about)

     1  {{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }}
     2  {{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}}
     3  apiVersion: policy/v1beta1
     4  kind: PodSecurityPolicy
     5  metadata:
     6    name: {{ include "ingress-nginx.fullname" . }}-backend
     7    labels:
     8      {{- include "ingress-nginx.labels" . | nindent 4 }}
     9      app.kubernetes.io/component: default-backend
    10      {{- with .Values.defaultBackend.labels }}
    11      {{- toYaml . | nindent 4 }}
    12      {{- end }}
    13  spec:
    14    allowPrivilegeEscalation: false
    15    fsGroup:
    16      ranges:
    17      - max: 65535
    18        min: 1
    19      rule: MustRunAs
    20    requiredDropCapabilities:
    21    - ALL
    22    runAsUser:
    23      rule: MustRunAsNonRoot
    24    seLinux:
    25      rule: RunAsAny
    26    supplementalGroups:
    27      ranges:
    28      - max: 65535
    29        min: 1
    30      rule: MustRunAs
    31    volumes:
    32    - configMap
    33    - emptyDir
    34    - projected
    35    - secret
    36    - downwardAPI
    37  {{- end }}
    38  {{- end }}