rancher-charts/charts/rancher-logging/100.0.1+up3.15.0/templates/psp.yaml

{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.logging-operator
  namespace: {{ include "logging-operator.namespace" . }}
  annotations:
{{- if .Values.rbac.psp.annotations }}
{{ toYaml .Values.rbac.psp.annotations | indent 4 }}
{{- end }}
  labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
  readOnlyRootFilesystem: true
  privileged: false
  allowPrivilegeEscalation: false
  runAsUser:
    rule: MustRunAsNonRoot
  fsGroup:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  supplementalGroups:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  seLinux:
    rule: RunAsAny
  volumes:
    - secret
    - configMap
{{ end }}
add charts 2021-08-30 16:48:23 +00:00			`{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }}`
			`apiVersion: policy/v1beta1`
			`kind: PodSecurityPolicy`
			`metadata:`
			`name: psp.logging-operator`
			`namespace: {{ include "logging-operator.namespace" . }}`
			`annotations:`
			`{{- if .Values.rbac.psp.annotations }}`
			`{{ toYaml .Values.rbac.psp.annotations \| indent 4 }}`
			`{{- end }}`
			`labels:`
			`{{ include "logging-operator.labels" . \| indent 4 }}`
			`spec:`
			`readOnlyRootFilesystem: true`
			`privileged: false`
			`allowPrivilegeEscalation: false`
			`runAsUser:`
			`rule: MustRunAsNonRoot`
			`fsGroup:`
			`rule: MustRunAs`
			`ranges:`
			`- min: 1`
			`max: 65535`
			`supplementalGroups:`
			`rule: MustRunAs`
			`ranges:`
			`- min: 1`
			`max: 65535`
			`seLinux:`
			`rule: RunAsAny`
			`volumes:`
			`- secret`
			`- configMap`
			`{{ end }}`