You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
---apiVersion: policy/v1beta1kind: PodSecurityPolicymetadata: name: registry-proxy annotations: seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'{% if apparmor_enabled %} apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'{% endif %} labels: addonmanager.kubernetes.io/mode: Reconcilespec: privileged: false allowPrivilegeEscalation: false requiredDropCapabilities: - SETPCAP - MKNOD - AUDIT_WRITE - NET_RAW - DAC_OVERRIDE - FOWNER - FSETID - KILL - SYS_CHROOT - SETFCAP volumes: - 'configMap' - 'emptyDir' - 'projected' - 'secret' - 'downwardAPI' - 'persistentVolumeClaim' hostNetwork: true hostPorts: - min: {{ registry_port }} max: {{ registry_port }} hostIPC: false hostPID: false runAsUser: rule: 'RunAsAny' seLinux: rule: 'RunAsAny' supplementalGroups: rule: 'MustRunAs' ranges: - min: 1 max: 65535 fsGroup: rule: 'MustRunAs' ranges: - min: 1 max: 65535 readOnlyRootFilesystem: false
|
