| Giorgi Lekveishvili | 8c99d62 | 2023-05-30 14:40:50 +0400 | [diff] [blame] | 1 | {{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}} |
| 2 | {{- if and $pspAvailable .Values.psp.create }} |
| 3 | apiVersion: policy/v1beta1 |
| 4 | kind: PodSecurityPolicy |
| 5 | metadata: |
| 6 | name: {{ include "common.names.fullname" . }} |
| 7 | namespace: {{ .Release.Namespace | quote }} |
| 8 | labels: {{- include "common.labels.standard" . | nindent 4 }} |
| 9 | {{- if .Values.commonLabels }} |
| 10 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} |
| 11 | {{- end }} |
| 12 | {{- if .Values.commonAnnotations }} |
| 13 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} |
| 14 | {{- end }} |
| 15 | spec: |
| 16 | privileged: false |
| 17 | volumes: |
| 18 | - 'configMap' |
| 19 | - 'secret' |
| 20 | - 'persistentVolumeClaim' |
| 21 | - 'emptyDir' |
| 22 | - 'projected' |
| 23 | hostNetwork: false |
| 24 | hostIPC: false |
| 25 | hostPID: false |
| 26 | runAsUser: |
| 27 | rule: 'RunAsAny' |
| 28 | seLinux: |
| 29 | rule: 'RunAsAny' |
| 30 | supplementalGroups: |
| 31 | rule: 'MustRunAs' |
| 32 | ranges: |
| 33 | - min: 1 |
| 34 | max: 65535 |
| 35 | fsGroup: |
| 36 | rule: 'MustRunAs' |
| 37 | ranges: |
| 38 | - min: 1 |
| 39 | max: 65535 |
| 40 | readOnlyRootFilesystem: false |
| 41 | {{- end }} |