aboutsummaryrefslogtreecommitdiffstats
path: root/deployments/helm/servicemesh/metallb/templates/psp.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'deployments/helm/servicemesh/metallb/templates/psp.yaml')
-rw-r--r--deployments/helm/servicemesh/metallb/templates/psp.yaml33
1 files changed, 33 insertions, 0 deletions
diff --git a/deployments/helm/servicemesh/metallb/templates/psp.yaml b/deployments/helm/servicemesh/metallb/templates/psp.yaml
new file mode 100644
index 00000000..891aeb60
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/psp.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.psp.create -}}
+
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "metallb.fullname" . }}-speaker
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+spec:
+ hostNetwork: true
+ hostPorts:
+ - min: 7472
+ max: 7472
+ privileged: true
+ allowPrivilegeEscalation: false
+ allowedCapabilities:
+ - 'NET_ADMIN'
+ - 'NET_RAW'
+ - 'SYS_ADMIN'
+ volumes:
+ - '*'
+ fsGroup:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+{{- end -}}