diff options
Diffstat (limited to 'vnfs/DAaaS/prometheus-operator/templates/alertmanager/psp.yaml')
-rw-r--r-- | vnfs/DAaaS/prometheus-operator/templates/alertmanager/psp.yaml | 48 |
1 files changed, 0 insertions, 48 deletions
diff --git a/vnfs/DAaaS/prometheus-operator/templates/alertmanager/psp.yaml b/vnfs/DAaaS/prometheus-operator/templates/alertmanager/psp.yaml deleted file mode 100644 index 01eda240..00000000 --- a/vnfs/DAaaS/prometheus-operator/templates/alertmanager/psp.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "prometheus-operator.fullname" . }}-alertmanager - labels: - app: {{ template "prometheus-operator.name" . }}-alertmanager -{{ include "prometheus-operator.labels" . | indent 4 }} -spec: - privileged: false - # Required to prevent escalations to root. - # allowPrivilegeEscalation: false - # This is redundant with non-root + disallow privilege escalation, - # but we can provide it for defense in depth. - #requiredDropCapabilities: - # - ALL - # Allow core volume types. - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} - |