Permalink
Cannot retrieve contributors at this time
# https://github.com/kubernetes/examples/blob/master/staging/podsecuritypolicy/rbac/policies.yaml | |
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/ | |
# https://cheatsheet.dennyzhang.com/kubernetes-yaml-templates | |
apiVersion: policy/v1beta1 | |
kind: PodSecurityPolicy | |
metadata: | |
name: restricted | |
spec: | |
privileged: false | |
fsGroup: | |
rule: RunAsAny | |
runAsUser: | |
rule: MustRunAsNonRoot | |
seLinux: | |
rule: RunAsAny | |
supplementalGroups: | |
rule: RunAsAny | |
volumes: | |
- 'emptyDir' | |
- 'secret' | |
- 'downwardAPI' | |
- 'configMap' | |
- 'persistentVolumeClaim' | |
- 'projected' | |
hostPID: false | |
hostIPC: false | |
hostNetwork: false |