github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/rancher/templates/post-delete-hook-psp.yaml

github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/rancher/templates/post-delete-hook-psp.yaml (about)

     1  {{- if eq (include "rancher.chart_psp_enabled" . ) "true" -}}
     2  apiVersion: policy/v1beta1
     3  kind: PodSecurityPolicy
     4  metadata:
     5    name: {{ include "rancher.fullname" . }}-post-delete
     6    labels: {{ include "rancher.labels" . | nindent 4 }}
     7    annotations:
     8      "helm.sh/hook": post-delete
     9      "helm.sh/hook-weight": "1"
    10      "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
    11  spec:
    12    privileged: false
    13    hostNetwork: false
    14    hostIPC: false
    15    hostPID: false
    16    runAsUser:
    17      rule: 'RunAsAny'
    18    seLinux:
    19      rule: 'RunAsAny'
    20    supplementalGroups:
    21      rule: 'MustRunAs'
    22      ranges:
    23        - min: 1
    24          max: 65535
    25    fsGroup:
    26      rule: 'MustRunAs'
    27      ranges:
    28        - min: 1
    29          max: 65535
    30    readOnlyRootFilesystem: false
    31    volumes:
    32      - 'secret'
    33      - 'configMap'
    34  {{- end }}