Permalink
Cannot retrieve contributors at this time
| # https://github.com/kubernetes/examples/blob/master/staging/podsecuritypolicy/rbac/policies.yaml | |
| # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ | |
| # https://cheatsheet.dennyzhang.com/kubernetes-yaml-templates | |
| apiVersion: policy/v1beta1 | |
| kind: PodSecurityPolicy | |
| metadata: | |
| name: restricted | |
| spec: | |
| privileged: false | |
| fsGroup: | |
| rule: RunAsAny | |
| runAsUser: | |
| rule: MustRunAsNonRoot | |
| seLinux: | |
| rule: RunAsAny | |
| supplementalGroups: | |
| rule: RunAsAny | |
| volumes: | |
| - 'emptyDir' | |
| - 'secret' | |
| - 'downwardAPI' | |
| - 'configMap' | |
| - 'persistentVolumeClaim' | |
| - 'projected' | |
| hostPID: false | |
| hostIPC: false | |
| hostNetwork: false |