{{- if .Values.networkCosts }}
{{- if .Values.networkCosts.enabled }}
{{- if .Values.networkCosts.podSecurityPolicy }}
{{- if .Values.networkCosts.podSecurityPolicy.enabled }}
apiVersion: {{ include "cost-analyzer.podSecurityPolicy.apiVersion" . }}
kind: PodSecurityPolicy
metadata:
    name: {{ template "cost-analyzer.fullname" . }}-network-costs
    labels:
      {{ include "cost-analyzer.commonLabels" . | nindent 6 }}
spec:
    privileged: true
    hostNetwork: true
    allowedHostPaths:
    {{- if .Values.networkCosts.hostProc }}
    - pathPrefix: {{ default "/proc" .Values.networkCosts.hostProc.hostPath }}
      readOnly: false
    {{- else }}
    - pathPrefix: /proc
      readOnly: false
    {{- end }}    
    hostPorts:
    - min: 1
      max: 65535
    seLinux:
        rule: RunAsAny
    supplementalGroups:
        rule: RunAsAny
    runAsUser:
        rule: RunAsAny
    fsGroup:
        rule: RunAsAny
    volumes:
        - '*'
{{- end }}
{{- end }}
{{- end }}
{{- end }}