aboutsummaryrefslogtreecommitdiffstats
path: root/deployments/helm/servicemesh/metallb/templates/psp.yaml
diff options
context:
space:
mode:
authorKiran Kamineni <kiran.k.kamineni@intel.com>2019-08-20 22:56:28 +0000
committerGerrit Code Review <gerrit@onap.org>2019-08-20 22:56:28 +0000
commit644c005d9f434ec5400e8f74b7456dfc419f74b0 (patch)
tree048ba354d39412da87c43c760b606f688aaa52bf /deployments/helm/servicemesh/metallb/templates/psp.yaml
parent177d3560420953f7cd0dcecfc2b2701ac44244da (diff)
parent00aef564fd76691a99de65d11e3632506a0c6d36 (diff)
Merge "Adding Helm charts of MetalLB"
Diffstat (limited to 'deployments/helm/servicemesh/metallb/templates/psp.yaml')
-rw-r--r--deployments/helm/servicemesh/metallb/templates/psp.yaml33
1 files changed, 33 insertions, 0 deletions
diff --git a/deployments/helm/servicemesh/metallb/templates/psp.yaml b/deployments/helm/servicemesh/metallb/templates/psp.yaml
new file mode 100644
index 00000000..891aeb60
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/psp.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.psp.create -}}
+
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "metallb.fullname" . }}-speaker
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+spec:
+ hostNetwork: true
+ hostPorts:
+ - min: 7472
+ max: 7472
+ privileged: true
+ allowPrivilegeEscalation: false
+ allowedCapabilities:
+ - 'NET_ADMIN'
+ - 'NET_RAW'
+ - 'SYS_ADMIN'
+ volumes:
+ - '*'
+ fsGroup:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+{{- end -}}