aboutsummaryrefslogtreecommitdiffstats
path: root/vnfs/DAaaS/prometheus-operator/templates/alertmanager/psp.yaml
diff options
context:
space:
mode:
authorSrivahni <srivahni.chivukula@intel.com>2019-03-08 10:29:07 -0800
committerSrivahni <srivahni.chivukula@intel.com>2019-03-08 11:34:05 -0800
commit6d7c9539bb348af48f6c3d109c46f6f22d927be0 (patch)
treee352fb0361dd7b2de9e8d115a92bdf835d3c420e /vnfs/DAaaS/prometheus-operator/templates/alertmanager/psp.yaml
parentafddb9a1dd8cc82a02c09ac790bf19afbe01ebba (diff)
Remove redundant directories
Change-Id: I0b39b22d0cf4dba0c1bee6b142b95b78e697b569 Issue-ID: ONAPARC-393 Signed-off-by: Srivahni Chivukula <srivahni.chivukula@intel.com>
Diffstat (limited to 'vnfs/DAaaS/prometheus-operator/templates/alertmanager/psp.yaml')
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/alertmanager/psp.yaml48
1 files changed, 0 insertions, 48 deletions
diff --git a/vnfs/DAaaS/prometheus-operator/templates/alertmanager/psp.yaml b/vnfs/DAaaS/prometheus-operator/templates/alertmanager/psp.yaml
deleted file mode 100644
index 01eda240..00000000
--- a/vnfs/DAaaS/prometheus-operator/templates/alertmanager/psp.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "prometheus-operator.fullname" . }}-alertmanager
- labels:
- app: {{ template "prometheus-operator.name" . }}-alertmanager
-{{ include "prometheus-operator.labels" . | indent 4 }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- # allowPrivilegeEscalation: false
- # This is redundant with non-root + disallow privilege escalation,
- # but we can provide it for defense in depth.
- #requiredDropCapabilities:
- # - ALL
- # Allow core volume types.
- volumes:
- - 'configMap'
- - 'emptyDir'
- - 'projected'
- - 'secret'
- - 'downwardAPI'
- - 'persistentVolumeClaim'
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Permits the container to run with root privileges as well.
- rule: 'RunAsAny'
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- # Forbid adding the root group.
- - min: 0
- max: 65535
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- # Forbid adding the root group.
- - min: 0
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
-