diff options
Diffstat (limited to 'vnfs/DAaaS/rook-ceph/templates/psp.yaml')
-rw-r--r-- | vnfs/DAaaS/rook-ceph/templates/psp.yaml | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/vnfs/DAaaS/rook-ceph/templates/psp.yaml b/vnfs/DAaaS/rook-ceph/templates/psp.yaml deleted file mode 100644 index 412b2437..00000000 --- a/vnfs/DAaaS/rook-ceph/templates/psp.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if .Values.pspEnable }} -# PSP for rook-ceph-operator - -# Most of the teams follow the kubernetes docs and have these PSPs. -# * privileged (for kube-system namespace) -# * restricted (for all logged in users) -# -# If we name it as `rook-ceph-operator`, it comes next to `restricted` PSP alphabetically, -# and applies `restricted` capabilities to `rook-system`. Thats reason this is named with `00-rook-ceph-operator`, -# so it stays somewhere close to top and `rook-system` gets the intended PSP. -# -# More info on PSP ordering : https://kubernetes.io/docs/concepts/policy/pod-security-policy/#policy-order - -apiVersion: extensions/v1beta1 -kind: PodSecurityPolicy -metadata: - name: 00-rook-ceph-operator -spec: - fsGroup: - rule: RunAsAny - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' - allowedCapabilities: - - '*' - hostPID: true - hostIPC: true - hostNetwork: true -{{- end }} |