rancher-partner-charts/charts/crowdstrike/falcon-sensor/templates/container_psp.yaml

{{- if lt (int (semver .Capabilities.KubeVersion.Version).Minor) 25 }}
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
{{- if .Values.container.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: {{ include "falcon-sensor.fullname" . }}-container
  labels:
    app: {{ include "falcon-sensor.name" . }}
    app.kubernetes.io/name: {{ include "falcon-sensor.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/component: "container_sensor"
    crowdstrike.com/provider: crowdstrike
    helm.sh/chart: {{ include "falcon-sensor.chart" . }}
spec:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: false
  requiredDropCapabilities:
  - KILL
  - MKNOD
  - SYS_CHROOT
  - AUDIT_WRITE
  - CHOWN
  - FOWNER
  - FSETID
  - NET_BIND_SERVICE
  - NET_RAW
  - SETPCAP
  allowedCapabilities:
  - SYS_PTRACE
  - DAC_OVERRIDE
  - SETUID
  - SETGID
  fsGroup:
    rule: RunAsAny
  hostIPC: false
  hostNetwork: false
  hostPID: false
  privileged: false
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  - configMap
  - downwardAPI
  - emptyDir
  - persistentVolumeClaim
  - projected
  - secret
{{- end }}
{{- end }}
{{- end }}
Migrating crowdstrike/falcon-sensor chart 2022-12-17 01:00:54 +00:00			`{{- if lt (int (semver .Capabilities.KubeVersion.Version).Minor) 25 }}`
			`{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`
			`{{- if .Values.container.enabled }}`
			`apiVersion: policy/v1beta1`
			`kind: PodSecurityPolicy`
			`metadata:`
			`name: {{ include "falcon-sensor.fullname" . }}-container`
			`labels:`
			`app: {{ include "falcon-sensor.name" . }}`
			`app.kubernetes.io/name: {{ include "falcon-sensor.name" . }}`
			`app.kubernetes.io/instance: {{ .Release.Name }}`
			`app.kubernetes.io/managed-by: {{ .Release.Service }}`
			`app.kubernetes.io/component: "container_sensor"`
			`crowdstrike.com/provider: crowdstrike`
			`helm.sh/chart: {{ include "falcon-sensor.chart" . }}`
			`spec:`
			`allowPrivilegeEscalation: false`
			`readOnlyRootFilesystem: false`
			`requiredDropCapabilities:`
			`- KILL`
			`- MKNOD`
			`- SYS_CHROOT`
			`- AUDIT_WRITE`
			`- CHOWN`
			`- FOWNER`
			`- FSETID`
			`- NET_BIND_SERVICE`
			`- NET_RAW`
			`- SETPCAP`
			`allowedCapabilities:`
			`- SYS_PTRACE`
Charts CI ``` Updated: argo/argo-cd: - 5.17.1 asserts/asserts: - 1.28.0 bitnami/airflow: - 14.0.7 bitnami/kafka: - 20.0.3 bitnami/mysql: - 9.4.6 bitnami/postgresql: - 12.1.9 bitnami/redis: - 17.4.2 bitnami/spark: - 6.3.14 bitnami/tomcat: - 10.5.7 bitnami/wordpress: - 15.2.26 bitnami/zookeeper: - 11.0.3 cert-manager/cert-manager: - v1.11.0 codefresh/cf-runtime: - 1.9.6 crowdstrike/falcon-sensor: - 1.18.2 datadog/datadog: - 3.7.2 datawiza/access-broker: - 0.1.3 dynatrace/dynatrace-operator: - 0.10.2 f5/f5-bigip-ctlr: - 0.0.23 f5/nginx-ingress: - 0.16.0 gitlab/gitlab: - 6.7.3 haproxy/haproxy: - 1.26.0 jenkins/jenkins: - 4.2.20 jfrog/artifactory-ha: - 107.49.5 jfrog/artifactory-jcr: - 107.49.5 kuma/kuma: - 2.0.2 mongodb/community-operator: - 0.7.7 nats/nats: - 0.19.5 redpanda/redpanda: - 2.4.4 speedscale/speedscale-operator: - 1.2.14 yugabyte/yugabyte: - 2.14.6 yugabyte/yugaware: - 2.14.6 ``` 2023-01-12 21:32:12 +00:00			`- DAC_OVERRIDE`
			`- SETUID`
			`- SETGID`
Migrating crowdstrike/falcon-sensor chart 2022-12-17 01:00:54 +00:00			`fsGroup:`
			`rule: RunAsAny`
			`hostIPC: false`
			`hostNetwork: false`
			`hostPID: false`
			`privileged: false`
			`runAsUser:`
			`rule: RunAsAny`
			`seLinux:`
			`rule: RunAsAny`
			`supplementalGroups:`
			`rule: RunAsAny`
			`volumes:`
			`- configMap`
			`- downwardAPI`
			`- emptyDir`
			`- persistentVolumeClaim`
			`- projected`
			`- secret`
			`{{- end }}`
			`{{- end }}`
			`{{- end }}`