github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/ingress-nginx/templates/default-backend-psp.yaml (about) 1 {{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }} 2 {{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}} 3 apiVersion: policy/v1beta1 4 kind: PodSecurityPolicy 5 metadata: 6 name: {{ include "ingress-nginx.fullname" . }}-backend 7 labels: 8 {{- include "ingress-nginx.labels" . | nindent 4 }} 9 app.kubernetes.io/component: default-backend 10 {{- with .Values.defaultBackend.labels }} 11 {{- toYaml . | nindent 4 }} 12 {{- end }} 13 spec: 14 allowPrivilegeEscalation: false 15 fsGroup: 16 ranges: 17 - max: 65535 18 min: 1 19 rule: MustRunAs 20 requiredDropCapabilities: 21 - ALL 22 runAsUser: 23 rule: MustRunAsNonRoot 24 seLinux: 25 rule: RunAsAny 26 supplementalGroups: 27 ranges: 28 - max: 65535 29 min: 1 30 rule: MustRunAs 31 volumes: 32 - configMap 33 - emptyDir 34 - projected 35 - secret 36 - downwardAPI 37 {{- end }} 38 {{- end }}