1 {{- if .Values.rbac.pspEnabled }}
# PodSecurityPolicy for the Grafana pods; rendered only when
# .Values.rbac.pspEnabled is set. The matching end of this conditional and
# several intermediate lines (see the gaps in the listing's line numbers)
# are not visible in this excerpt.
#
# NOTE(review): PodSecurityPolicy stopped being served from extensions/v1beta1
# in Kubernetes 1.16 (policy/v1beta1 replaced it), and the PSP API was removed
# entirely in 1.25. On current clusters the constraints below have to be
# enforced with Pod Security Admission or a policy engine instead.
2 apiVersion: extensions/v1beta1
3 kind: PodSecurityPolicy
# Object name comes from the chart's "grafana.fullname" helper.
4 name: {{ template "grafana.fullname" . }}
# Presumably the metadata labels (the enclosing key is not visible here).
7 app: {{ template "grafana.name" . }}
8 chart: {{ .Chart.Name }}-{{ .Chart.Version }}
9 heritage: {{ .Release.Service }}
10 release: {{ .Release.Name }}
# Seccomp: the only allowed profile, and the default applied to pods, is
# 'docker/default'.
# NOTE(review): 'docker/default' is the deprecated name of this profile;
# 'runtime/default' is the runtime-neutral one. Confirm which name the target
# clusters' container runtime accepts.
12 seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
13 seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
# AppArmor annotations are emitted only when .Values.rbac.pspUseAppArmor is
# set; they allow, and default to, the 'runtime/default' profile. The end of
# this conditional is not visible in this excerpt.
14 {{- if .Values.rbac.pspUseAppArmor }}
15 apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
16 apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
# Containers admitted under this policy may not gain more privileges than
# their parent process (e.g. through setuid binaries).
20 allowPrivilegeEscalation: false
# Capabilities every container must drop. The list entries are not visible in
# this excerpt; per the comment below, DAC_OVERRIDE and CHOWN are left out of
# the drop list and so stay available to the container - TODO confirm against
# the full file that both are really needed.
21 requiredDropCapabilities:
22 # Default set from Docker, without DAC_OVERRIDE or CHOWN
# Presumably one entry of the allowed volume types (the list key is not
# visible here).
41 - 'persistentVolumeClaim'
# The policy does not require a read-only root filesystem, so containers may
# write to their root filesystem.
# NOTE(review): if the writable paths can be moved onto mounted volumes,
# setting this to true would narrow what a compromised container can modify.
53 readOnlyRootFilesystem: false