github.com/yankunsam/loki/v2@v2.6.3-0.20220817130409-389df5235c27/production/helm/fluent-bit/templates/podsecuritypolicy.yaml

github.com/yankunsam/loki/v2@v2.6.3-0.20220817130409-389df5235c27/production/helm/fluent-bit/templates/podsecuritypolicy.yaml (about)

     1  {{- if .Values.rbac.pspEnabled }}
     2  apiVersion: policy/v1beta1
     3  kind: PodSecurityPolicy
     4  metadata:
     5    name: {{ template "fluent-bit-loki.fullname" . }}
     6    labels:
     7      app: {{ template "fluent-bit-loki.name" . }}
     8      chart: {{ template "fluent-bit-loki.chart" . }}
     9      heritage: {{ .Release.Service }}
    10      release: {{ .Release.Name }}
    11  spec:
    12    privileged: false
    13    allowPrivilegeEscalation: false
    14    volumes:
    15      - 'secret'
    16      - 'configMap'
    17      - 'hostPath'
    18      - 'projected'
    19      - 'downwardAPI'
    20    hostNetwork: false
    21    hostIPC: false
    22    hostPID: false
    23    runAsUser:
    24      rule: 'RunAsAny'
    25    seLinux:
    26      rule: 'RunAsAny'
    27    supplementalGroups:
    28      rule: 'RunAsAny'
    29    fsGroup:
    30      rule: 'RunAsAny'
    31    readOnlyRootFilesystem: true
    32    requiredDropCapabilities:
    33      - ALL
    34  {{- end }}