
---
# PodSecurityPolicy for the "registry" addon. This file is a Jinja template:
# the AppArmor annotations are rendered only when apparmor_enabled is true.
# NOTE(review): PodSecurityPolicy (policy/v1beta1) was deprecated in
# Kubernetes 1.21 and removed in 1.25; on newer clusters the same constraints
# have to be expressed through Pod Security admission or a policy engine.
# NOTE(review): a PSP constrains a pod only if the pod's service account (or
# the creating user) is authorized to "use" it via RBAC; that binding is not
# part of this file, so verify it exists alongside.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: registry
  annotations:
    # Seccomp: 'docker/default' is both the default and the only profile a
    # pod may request, so pods cannot opt out to an unconfined profile.
    # NOTE(review): 'docker/default' is the older profile name; Kubernetes
    # deprecated it in favour of 'runtime/default'. Confirm which name the
    # target cluster version and container runtime expect.
    seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
{% if apparmor_enabled %}
    # AppArmor: same pattern as seccomp, default and only allowed profile.
    # When apparmor_enabled is false these keys are absent and this policy
    # places no AppArmor requirement on the pod.
    apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
{% endif %}
  labels:
    # Mode label read by the Kubernetes addon manager.
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  # No privileged containers, and no gaining privileges beyond the parent
  # process (e.g. through setuid binaries).
  privileged: false
  allowPrivilegeEscalation: false
  # Every Linux capability must be dropped by containers under this policy.
  requiredDropCapabilities:
    - ALL
  # Allow-list of volume types. 'hostPath' is not listed, so pods admitted
  # under this policy cannot mount paths from the node filesystem.
  volumes:
    - 'configMap'
    - 'emptyDir'
    - 'projected'
    - 'secret'
    - 'downwardAPI'
    - 'persistentVolumeClaim'
  # No sharing of the node's network, IPC or PID namespaces.
  hostNetwork: false
  hostIPC: false
  hostPID: false
  # 'RunAsAny' places no constraint on the container UID, so UID 0 (root) is
  # permitted. NOTE(review): if the registry image can run unprivileged,
  # 'MustRunAsNonRoot' would be the tighter rule; confirm before changing.
  runAsUser:
    rule: 'RunAsAny'
  # No SELinux context is enforced by this policy.
  seLinux:
    rule: 'RunAsAny'
  # Supplemental groups and fsGroup must fall in 1-65535; the range starts
  # at 1, which excludes GID 0 (the root group).
  supplementalGroups:
    rule: 'MustRunAs'
    ranges:
      - min: 1
        max: 65535
  fsGroup:
    rule: 'MustRunAs'
    ranges:
      - min: 1
        max: 65535
  # A writable root filesystem is permitted.
  # NOTE(review): presumably the registry writes outside its mounted volumes;
  # if it does not, 'true' would be the hardened setting. Confirm.
  readOnlyRootFilesystem: false