summaryrefslogtreecommitdiffstats
path: root/deployments/helm/servicemesh/metallb/templates/psp.yaml
blob: 891aeb60eaf2ce447c755f7216babf78f33fe104 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

{{- if .Values.psp.create -}}

apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: {{ template "metallb.fullname" . }}-speaker
  labels:
    heritage: {{ .Release.Service | quote }}
    release: {{ .Release.Name | quote }}
    chart: {{ template "metallb.chart" . }}
    app: {{ template "metallb.name" . }}
spec:
  hostNetwork: true
  hostPorts:
  - min: 7472
    max: 7472
  privileged: true
  allowPrivilegeEscalation: false
  allowedCapabilities:
  - 'NET_ADMIN'
  - 'NET_RAW'
  - 'SYS_ADMIN'
  volumes:
  - '*'
  fsGroup:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
{{- end -}}