diff options
Diffstat (limited to 'deployments/helm/servicemesh/metallb/templates/psp.yaml')
-rw-r--r-- | deployments/helm/servicemesh/metallb/templates/psp.yaml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/deployments/helm/servicemesh/metallb/templates/psp.yaml b/deployments/helm/servicemesh/metallb/templates/psp.yaml new file mode 100644 index 00000000..891aeb60 --- /dev/null +++ b/deployments/helm/servicemesh/metallb/templates/psp.yaml @@ -0,0 +1,33 @@ +{{- if .Values.psp.create -}} + +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "metallb.fullname" . }}-speaker + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +spec: + hostNetwork: true + hostPorts: + - min: 7472 + max: 7472 + privileged: true + allowPrivilegeEscalation: false + allowedCapabilities: + - 'NET_ADMIN' + - 'NET_RAW' + - 'SYS_ADMIN' + volumes: + - '*' + fsGroup: + rule: RunAsAny + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny +{{- end -}} |