Blame - charts/vector/templates/psp.yaml - atmosphere

blob: 337b1b3418c869f5d4a25ce3c2190679e6e708a1 [file] [log] [blame]

Mohammed Naser	8a2c8fb	2023-02-19 17:23:55 +0000	[diff] [blame]	1	{{- if and .Values.psp.create (.Capabilities.APIVersions.Has "policy/v1beta1") }}
				2	apiVersion: policy/v1beta1
				3	kind: PodSecurityPolicy
				4	metadata:
				5	name: {{ include "vector.fullname" . }}
				6	labels:
				7	{{- include "vector.labels" . \| nindent 4 }}
				8	spec:
				9	privileged: false
				10	allowPrivilegeEscalation: false
				11	readOnlyRootFilesystem: false
				12	requiredDropCapabilities:
				13	- ALL
				14	volumes:
				15	- 'hostPath'
				16	- 'configMap'
				17	- 'emptyDir'
				18	- 'secret'
				19	- 'projected'
				20	allowedHostPaths:
				21	- pathPrefix: "/var/log"
				22	readOnly: true
				23	- pathPrefix: "/var/lib"
				24	readOnly: true
				25	- pathPrefix: {{ .Values.persistence.hostPath.path \| quote }}
				26	readOnly: false
				27	- pathPrefix: "/sys"
				28	readOnly: true
				29	- pathPrefix: "/proc"
				30	readOnly: true
Mohammed Naser	7d1623e	2024-06-17 09:12:39 -0400	[diff] [blame]	31	hostNetwork: {{ .Values.podHostNetwork }}
Mohammed Naser	8a2c8fb	2023-02-19 17:23:55 +0000	[diff] [blame]	32	hostIPC: false
				33	hostPID: false
				34	runAsUser:
				35	rule: 'RunAsAny'
				36	seLinux:
				37	rule: 'RunAsAny'
				38	supplementalGroups:
				39	rule: 'MustRunAs'
				40	ranges:
				41	- min: 1
				42	max: 65535
				43	fsGroup:
				44	rule: 'MustRunAs'
				45	ranges:
				46	- min: 1
				47	max: 65535
				48	{{- end }}