Permalink
Cannot retrieve contributors at this time
apiVersion: extensions/v1beta1 | |
kind: PodSecurityPolicy | |
metadata: | |
name: restricted | |
labels: | |
addonmanager.kubernetes.io/mode: Reconcile | |
spec: | |
hostPID: false | |
hostIPC: false | |
hostNetwork: false | |
privileged: false | |
allowPrivilegeEscalation: true | |
readOnlyRootFilesystem: false | |
volumes: | |
- configMap | |
- emptyDir | |
- projected | |
- secret | |
- downwardAPI | |
- persistentVolumeClaim | |
fsGroup: | |
rule: RunAsAny | |
runAsUser: | |
rule: RunAsAny | |
supplementalGroups: | |
rule: RunAsAny | |
seLinux: | |
rule: RunAsAny | |
--- | |
apiVersion: extensions/v1beta1 | |
kind: PodSecurityPolicy | |
metadata: | |
name: privileged | |
labels: | |
addonmanager.kubernetes.io/mode: Reconcile | |
annotations: | |
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' | |
spec: | |
hostPID: true | |
hostIPC: true | |
hostNetwork: true | |
privileged: true | |
allowPrivilegeEscalation: true | |
readOnlyRootFilesystem: false | |
hostPorts: | |
- min: 0 | |
max: 65535 | |
allowedCapabilities: | |
- '*' | |
volumes: | |
- '*' | |
fsGroup: | |
rule: RunAsAny | |
runAsUser: | |
rule: RunAsAny | |
supplementalGroups: | |
rule: RunAsAny | |
seLinux: | |
rule: RunAsAny |