github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/rancher-backup/templates/psp.yaml

github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/rancher-backup/templates/psp.yaml (about)

     1  {{- if .Values.psp.enabled }}
     2  {{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
     3  apiVersion: policy/v1beta1
     4  kind: PodSecurityPolicy
     5  metadata:
     6    name: {{ include "backupRestore.fullname" . }}-psp
     7    labels: {{ include "backupRestore.labels" . | nindent 4 }}
     8  spec:
     9    privileged: false
    10    allowPrivilegeEscalation: false
    11    hostNetwork: false
    12    hostIPC: false
    13    hostPID: false
    14    runAsUser:
    15      rule: 'MustRunAsNonRoot'
    16    seLinux:
    17      rule: 'RunAsAny'
    18    supplementalGroups:
    19      rule: 'MustRunAs'
    20      ranges:
    21        - min: 1
    22          max: 65535
    23    fsGroup:
    24      rule: 'MustRunAs'
    25      ranges:
    26        - min: 1
    27          max: 65535
    28    readOnlyRootFilesystem: false
    29    volumes:
    30      - 'persistentVolumeClaim'
    31      - 'secret'
    32  {{- end }}
    33  {{- end }}