1 {{- if .Values.podSecurityPolicy.enabled }}
2 apiVersion: policy/v1beta1
3 kind: PodSecurityPolicy
5 name: {{ template "kube-state-metrics.fullname" . }}
7 app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
8 helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
9 app.kubernetes.io/managed-by: {{ .Release.Service }}
10 app.kubernetes.io/instance: {{ .Release.Name }}
11 {{- if .Values.podSecurityPolicy.annotations }}
13 {{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
19 {{- if .Values.podSecurityPolicy.additionalVolumes }}
20 {{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }}
26 rule: 'MustRunAsNonRoot'
32 # Forbid adding the root group.
38 # Forbid adding the root group.
41 readOnlyRootFilesystem: false