Diffstat (limited to 'vnfs/DAaaS/rook-ceph/templates/psp.yaml')
-rw-r--r--vnfs/DAaaS/rook-ceph/templates/psp.yaml35
1 files changed, 0 insertions, 35 deletions
diff --git a/vnfs/DAaaS/rook-ceph/templates/psp.yaml b/vnfs/DAaaS/rook-ceph/templates/psp.yaml
deleted file mode 100644
index 412b2437..00000000
--- a/vnfs/DAaaS/rook-ceph/templates/psp.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if .Values.pspEnable }}
-# PSP for rook-ceph-operator
-
-# Most of the teams follow the kubernetes docs and have these PSPs.
-# * privileged (for kube-system namespace)
-# * restricted (for all logged in users)
-#
-# If we name it as `rook-ceph-operator`, it comes next to `restricted` PSP alphabetically,
-# and applies `restricted` capabilities to `rook-system`. Thats reason this is named with `00-rook-ceph-operator`,
-# so it stays somewhere close to top and `rook-system` gets the intended PSP.
-#
-# More info on PSP ordering : https://kubernetes.io/docs/concepts/policy/pod-security-policy/#policy-order
-
-apiVersion: extensions/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: 00-rook-ceph-operator
-spec:
- fsGroup:
- rule: RunAsAny
- privileged: true
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - '*'
- allowedCapabilities:
- - '*'
- hostPID: true
- hostIPC: true
- hostNetwork: true
-{{- end }}