You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
---apiVersion: policy/v1beta1kind: PodSecurityPolicymetadata: name: local-volume-provisioner annotations: seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'{% if apparmor_enabled %} apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'{% endif %} labels: addonmanager.kubernetes.io/mode: Reconcilespec: privileged: true allowPrivilegeEscalation: true requiredDropCapabilities: - ALL volumes: - 'configMap' - 'emptyDir' - 'secret' - 'downwardAPI' - 'hostPath' allowedHostPaths:{% for class_name, class_config in local_volume_provisioner_storage_classes.items() %} - pathPrefix: "{{ class_config.host_dir }}" readOnly: false{% endfor %} hostNetwork: false hostIPC: false hostPID: false runAsUser: rule: 'RunAsAny' seLinux: rule: 'RunAsAny' supplementalGroups: rule: 'MustRunAs' ranges: - min: 1 max: 65535 fsGroup: rule: 'RunAsAny' readOnlyRootFilesystem: false
|
