{{ if and .Values.global.cattle.psp.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.logging-operator
  namespace: {{ include "logging-operator.namespace" . }}
  annotations:
{{- if .Values.rbac.psp.annotations }}
{{ toYaml .Values.rbac.psp.annotations | indent 4 }}
{{- end }}
  labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
  readOnlyRootFilesystem: true
  privileged: false
  allowPrivilegeEscalation: false
  runAsUser:
    rule: MustRunAsNonRoot
  fsGroup:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  supplementalGroups:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  seLinux:
    rule: RunAsAny
  volumes:
    - secret
    - configMap
{{ end }}