Skip to content
Permalink
master
Switch branches/tags
Go to file
 
 
Cannot retrieve contributors at this time
59 lines (59 sloc) 1.1 KB
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
name: restricted
labels:
addonmanager.kubernetes.io/mode: Reconcile
spec:
hostPID: false
hostIPC: false
hostNetwork: false
privileged: false
allowPrivilegeEscalation: true
readOnlyRootFilesystem: false
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
- persistentVolumeClaim
fsGroup:
rule: RunAsAny
runAsUser:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
seLinux:
rule: RunAsAny
---
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
name: privileged
labels:
addonmanager.kubernetes.io/mode: Reconcile
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
spec:
hostPID: true
hostIPC: true
hostNetwork: true
privileged: true
allowPrivilegeEscalation: true
readOnlyRootFilesystem: false
hostPorts:
- min: 0
max: 65535
allowedCapabilities:
- '*'
volumes:
- '*'
fsGroup:
rule: RunAsAny
runAsUser:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
seLinux:
rule: RunAsAny