kud/tests/vnfs/comp-app/collection/app2/helm/prometheus-operator/charts/kube-state-metrics/templates/podsecuritypolicy.yaml

   1 {{- if .Values.podSecurityPolicy.enabled }}
   2 apiVersion: policy/v1beta1
   3 kind: PodSecurityPolicy
   4 metadata:
   5   name: {{ template "kube-state-metrics.fullname" . }}
   6   labels:
   7     app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
   8     helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
   9     app.kubernetes.io/managed-by: {{ .Release.Service }}
  10     app.kubernetes.io/instance: {{ .Release.Name }}
  11 {{- if .Values.podSecurityPolicy.annotations }}
  12   annotations:
  13 {{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
  14 {{- end }}
  15 spec:
  16   privileged: false
  17   volumes:
  18     - 'secret'
  19 {{- if .Values.podSecurityPolicy.additionalVolumes }}
  20 {{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }}
  21 {{- end }}
  22   hostNetwork: false
  23   hostIPC: false
  24   hostPID: false
  25   runAsUser:
  26     rule: 'MustRunAsNonRoot'
  27   seLinux:
  28     rule: 'RunAsAny'
  29   supplementalGroups:
  30     rule: 'MustRunAs'
  31     ranges:
  32       # Forbid adding the root group.
  33       - min: 1
  34         max: 65535
  35   fsGroup:
  36     rule: 'MustRunAs'
  37     ranges:
  38       # Forbid adding the root group.
  39       - min: 1
  40         max: 65535
  41   readOnlyRootFilesystem: false
  42 {{- end }}