# PodSecurityPolicy "restricted": denies host namespaces and privileged
# containers, and limits volumes to an allow-list that omits hostPath.
# User, group and SELinux rules are left open (RunAsAny).
# A PSP only applies to pods whose creator or service account is authorized
# to `use` it; those RBAC bindings are not part of this file.
# NOTE(review): PodSecurityPolicy was removed from Kubernetes in v1.25; on
# current clusters express these controls with Pod Security Admission or a
# policy engine instead.
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
  # Left empty (parses as null). Unlike the `privileged` policy in this file,
  # no seccomp annotation is set on this policy.
  annotations:
spec:
  # Pods may not share the node's PID, IPC or network namespaces.
  hostPID: false
  hostIPC: false
  hostNetwork: false
  # Privileged containers are rejected.
  privileged: false
  # NOTE(review): true lets a container process gain more privileges than its
  # parent (for example through setuid binaries). A policy named `restricted`
  # would usually set this to false; confirm workloads before tightening.
  allowPrivilegeEscalation: true
  # Containers are not forced to use a read-only root filesystem.
  readOnlyRootFilesystem: false
  # Allow-list of volume types; hostPath is absent, so pods admitted under
  # this policy cannot mount paths from the node's filesystem.
  volumes:
    - configMap
    - emptyDir
    - projected
    - secret
    - downwardAPI
    - persistentVolumeClaim
  # No constraint on the fsGroup applied to volumes.
  fsGroup:
    rule: RunAsAny
  # NOTE(review): any UID is accepted, including root (0). MustRunAsNonRoot
  # is the stricter rule if workloads allow it.
  runAsUser:
    rule: RunAsAny
  # No constraint on supplemental group IDs.
  supplementalGroups:
    rule: RunAsAny
  # No constraint on SELinux options.
  seLinux:
    rule: RunAsAny
  # NOTE(review): no requiredDropCapabilities is listed, so this policy does
  # not force any of the container runtime's default capabilities to be dropped.
---
# PodSecurityPolicy "privileged": every restriction is switched off. A pod
# admitted under this policy can share host namespaces, run privileged, add
# any capability and mount any volume type, which amounts to node-level access.
# A PSP only applies to pods whose creator or service account is authorized
# to `use` it; those RBAC bindings are not part of this file.
# NOTE(review): bind `use` on this policy only to the few system components
# that need it. If it is granted broadly, the `restricted` policy in this
# file no longer constrains those subjects.
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: privileged
  annotations:
    # '*' accepts any seccomp profile a pod asks for, including unconfined.
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
spec:
  # Pods may share the node's PID, IPC and network namespaces.
  hostPID: true
  hostIPC: true
  hostNetwork: true
  # Privileged containers are allowed.
  privileged: true
  # Container processes may gain more privileges than their parent.
  allowPrivilegeEscalation: true
  # Containers are not forced to use a read-only root filesystem.
  readOnlyRootFilesystem: false
  # The full port range may be bound on the host.
  hostPorts:
    - min: 0
      max: 65535
  # '*' lets a pod add any Linux capability.
  allowedCapabilities:
    - '*'
  # '*' allows every volume type, hostPath included.
  volumes:
    - '*'
  # No constraint on the fsGroup applied to volumes.
  fsGroup:
    rule: RunAsAny
  # Any UID is accepted, including root (0).
  runAsUser:
    rule: RunAsAny
  # No constraint on supplemental group IDs.
  supplementalGroups:
    rule: RunAsAny
  # No constraint on SELinux options.
  seLinux:
    rule: RunAsAny