| 12345678910111213141516171819202122232425262728293031323334 |
- {{- if .Values.rbac.pspEnabled }}
- apiVersion: policy/v1beta1
- kind: PodSecurityPolicy
- metadata:
- name: {{ template "fluent-bit-loki.fullname" . }}
- labels:
- app: {{ template "fluent-bit-loki.name" . }}
- chart: {{ template "fluent-bit-loki.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- spec:
- privileged: false
- allowPrivilegeEscalation: false
- volumes:
- - 'secret'
- - 'configMap'
- - 'hostPath'
- - 'projected'
- - 'downwardAPI'
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- rule: 'RunAsAny'
- seLinux:
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'RunAsAny'
- fsGroup:
- rule: 'RunAsAny'
- readOnlyRootFilesystem: true
- requiredDropCapabilities:
- - ALL
- {{- end }}
|
