github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/thanos/templates/query/psp.yaml (about) 1 {{- $query := (include "thanos.query.values" . | fromYaml) -}} 2 {{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}} 3 {{- if and $pspAvailable $query.enabled $query.pspEnabled $query.rbac.create -}} 4 apiVersion: policy/v1beta1 5 kind: PodSecurityPolicy 6 metadata: 7 name: {{ include "common.names.fullname" . }}-query 8 namespace: {{ .Release.Namespace | quote }} 9 labels: {{- include "common.labels.standard" . | nindent 4 }} 10 app.kubernetes.io/component: query 11 {{- if .Values.commonLabels }} 12 {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} 13 {{- end }} 14 {{- if .Values.commonAnnotations }} 15 annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 {{- end }} 17 spec: 18 fsGroup: 19 rule: RunAsAny 20 runAsUser: 21 ranges: 22 - max: 1001 23 min: 1001 24 rule: MustRunAs 25 seLinux: 26 rule: RunAsAny 27 supplementalGroups: 28 rule: RunAsAny 29 volumes: 30 - secret 31 {{- end -}}