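{{- /*
Source: github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/prometheus-community/kube-state-metrics/templates/podsecuritypolicy.yaml

PodSecurityPolicy for kube-state-metrics. The manifest is rendered only when
.Values.podSecurityPolicy.enabled is set AND the target cluster still serves
policy/v1beta1 PodSecurityPolicy; on clusters without that API nothing is
emitted, so pod hardening must then come from another admission mechanism.
*/ -}}
{{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: {{ template "kube-state-metrics.fullname" . }}
  # NOTE(review): the left-trimmed include below removes the newline after
  # this key, so it relies on the labels helper output starting with a
  # newline. The helper is defined outside this file; confirm before editing.
  labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
{{- if .Values.podSecurityPolicy.annotations }}
  annotations:
{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
  privileged: false
  # MustRunAsNonRoot (below) on its own does not stop a non-root process from
  # gaining privileges through setuid binaries or file capabilities. Forbid
  # escalation and require every capability to be dropped so the non-root
  # guarantee holds for the whole process tree.
  allowPrivilegeEscalation: false
  requiredDropCapabilities:
    - ALL
  # Only secret volumes are admitted by default. Every type added through
  # podSecurityPolicy.additionalVolumes widens what an admitted pod may mount;
  # review such values (hostPath in particular) as a policy change.
  volumes:
    - 'secret'
{{- if .Values.podSecurityPolicy.additionalVolumes }}
{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }}
{{- end }}
  # No access to the node's network, IPC or PID namespaces.
  hostNetwork: false
  hostIPC: false
  hostPID: false
  runAsUser:
    rule: 'MustRunAsNonRoot'
  # This policy places no constraint on the SELinux context.
  seLinux:
    rule: 'RunAsAny'
  supplementalGroups:
    rule: 'MustRunAs'
    ranges:
      # Forbid adding the root group.
      - min: 1
        max: 65535
  fsGroup:
    rule: 'MustRunAs'
    ranges:
      # Forbid adding the root group.
      - min: 1
        max: 65535
  # NOTE(review): the root filesystem stays writable under this policy.
  # Whether it can be made read-only depends on the container's write paths,
  # which are not visible in this template.
  readOnlyRootFilesystem: false
{{- end }}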