wallet/.helm/templates/psp.yaml

{{- if and .Values.rbac.create .Values.rbac.pspEnabled }}
apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
kind: PodSecurityPolicy
metadata:
  name: {{ template "service.fullname" . }}
  labels:
    app: {{ include "service.fullname" . }}
    release: {{ .Release.Name }}
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities:
    - ALL
  volumes:
    - 'configMap'
    - 'emptyDir'
    - 'projected'
    - 'secret'
    - 'downwardAPI'
    - 'persistentVolumeClaim'
    - 'hostPath'
  hostNetwork: true
  hostIPC: false
  hostPID: true
  hostPorts:
    - min: 0
      max: 65535
  runAsUser:
    rule: 'MustRunAs'
    ranges:
      - min: 1001
        max: 1001
  seLinux:
    rule: 'RunAsAny'
  supplementalGroups:
    rule: 'MustRunAs'
    ranges:
      - min: 1001
        max: 1001
  fsGroup:
    rule: 'MustRunAs'
    ranges:
      - min: 1001
        max: 1001
  readOnlyRootFilesystem: false
{{- end }}
[init] 2024-08-31 14:46:20 +00:00			`{{- if and .Values.rbac.create .Values.rbac.pspEnabled }}`
			`apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}`
			`kind: PodSecurityPolicy`
			`metadata:`
			`name: {{ template "service.fullname" . }}`
			`labels:`
			`app: {{ include "service.fullname" . }}`
			`release: {{ .Release.Name }}`
			`spec:`
			`privileged: false`
			`allowPrivilegeEscalation: false`
			`requiredDropCapabilities:`
			`- ALL`
			`volumes:`
			`- 'configMap'`
			`- 'emptyDir'`
			`- 'projected'`
			`- 'secret'`
			`- 'downwardAPI'`
			`- 'persistentVolumeClaim'`
			`- 'hostPath'`
			`hostNetwork: true`
			`hostIPC: false`
			`hostPID: true`
			`hostPorts:`
			`- min: 0`
			`max: 65535`
			`runAsUser:`
			`rule: 'MustRunAs'`
			`ranges:`
			`- min: 1001`
			`max: 1001`
			`seLinux:`
			`rule: 'RunAsAny'`
			`supplementalGroups:`
			`rule: 'MustRunAs'`
			`ranges:`
			`- min: 1001`
			`max: 1001`
			`fsGroup:`
			`rule: 'MustRunAs'`
			`ranges:`
			`- min: 1001`
			`max: 1001`
			`readOnlyRootFilesystem: false`
			`{{- end }}`