charts/ingress-nginx/templates/default-backend-psp.yaml - pcloud - Gitiles

 {{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }}
 {{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
   name: {{ include "ingress-nginx.fullname" . }}-backend
   labels:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: default-backend
     {{- with .Values.defaultBackend.labels }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
 spec:
   allowPrivilegeEscalation: false
   fsGroup:
     ranges:
     - max: 65535
       min: 1
     rule: MustRunAs
   requiredDropCapabilities:
   - ALL
   runAsUser:
     rule: MustRunAsNonRoot
   seLinux:
     rule: RunAsAny
   supplementalGroups:
     ranges:
     - max: 65535
       min: 1
     rule: MustRunAs
   volumes:
   - configMap
   - emptyDir
   - projected
   - secret
   - downwardAPI
 {{- end }}
 {{- end }}
	{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }}
	{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}}
	apiVersion: policy/v1beta1
	kind: PodSecurityPolicy
	metadata:
	name: {{ include "ingress-nginx.fullname" . }}-backend
	labels:
	{{- include "ingress-nginx.labels" . \| nindent 4 }}
	app.kubernetes.io/component: default-backend
	{{- with .Values.defaultBackend.labels }}
	{{- toYaml . \| nindent 4 }}
	{{- end }}
	spec:
	allowPrivilegeEscalation: false
	fsGroup:
	ranges:
	- max: 65535
	min: 1
	rule: MustRunAs
	requiredDropCapabilities:
	- ALL
	runAsUser:
	rule: MustRunAsNonRoot
	seLinux:
	rule: RunAsAny
	supplementalGroups:
	ranges:
	- max: 65535
	min: 1
	rule: MustRunAs
	volumes:
	- configMap
	- emptyDir
	- projected
	- secret
	- downwardAPI
	{{- end }}
	{{- end }}