Skip to content

GitLab

Switch branch/tag
Find file Normal viewHistoryPermalink
psp.yaml 774 Bytes
Newer Older
shanewxy's avatar
Copied from rancher-logging/0.1.3  
shanewxy committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 
{{- if .Values.global.podSecurityPolicy.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: {{ .Release.Name }}-psp
  labels:
    app: {{ template "logging.name" . }}
    chart: {{ template "logging.version" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  allowPrivilegeEscalation: false
  fsGroup:
    ranges:
    - max: 65535
      min: 1
    rule: MustRunAs
  requiredDropCapabilities:
  - ALL
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    ranges:
    - max: 65535
      min: 1
    rule: MustRunAs
  volumes:
  - configMap
  - emptyDir
  - projected
  - secret
  - downwardAPI
  - persistentVolumeClaim
  - hostPath
  allowedHostPaths:
    - pathPrefix: /
{{- end }}