| 1234567891011121314151617181920212223242526272829303132333435363738394041 |
- {{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
- {{- if and $pspAvailable .Values.psp.create }}
- apiVersion: policy/v1beta1
- kind: PodSecurityPolicy
- metadata:
- name: {{ include "common.names.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- spec:
- privileged: false
- volumes:
- - 'configMap'
- - 'secret'
- - 'persistentVolumeClaim'
- - 'emptyDir'
- - 'projected'
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- rule: 'RunAsAny'
- seLinux:
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- - min: 1
- max: 65535
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
- {{- end }}
|
