1 {{- if .Values.pspEnable }}
2 # PSP for rook-ceph-operator
4 # Most teams follow the Kubernetes docs and already have these PSPs:
5 # * privileged (for kube-system namespace)
6 # * restricted (for all logged in users)
8 # If we named it `rook-ceph-operator`, it would sort after the `restricted` PSP alphabetically,
9 # and the `restricted` capabilities would be applied to `rook-system`. That's the reason this is named `00-rook-ceph-operator`,
10 # so it stays close to the top of the ordering and `rook-system` gets the intended PSP.
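12 # More info on PSP ordering: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#policy-order (note: PodSecurityPolicy was deprecated in Kubernetes v1.21 and removed in v1.25, so this template only applies to older clusters)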
14 apiVersion: extensions/v1beta1
15 kind: PodSecurityPolicy
17 name: 00-rook-ceph-operator