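{{- /*
PodSecurityPolicy for the admission-webhook patch hook.

Rendered only when all of the following hold:
  - the cluster reports a Kubernetes version below 1.25 (policy/v1beta1
    PodSecurityPolicy was removed in 1.25);
  - controller.admissionWebhooks.enabled, controller.admissionWebhooks.patch.enabled
    and podSecurityPolicy.enabled are all set;
  - controller.admissionWebhooks.existingPsp is empty, i.e. the operator has not
    supplied a policy of their own.

A PSP constrains only the pods whose service account is granted `use` on it;
that RBAC binding is not part of this file.
*/ -}}
{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }}
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission
  annotations:
    # Created as a Helm hook around install and upgrade; the previous copy is
    # deleted before a new one is created and again once the hook succeeds.
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: admission-webhook
    {{- with .Values.controller.admissionWebhooks.patch.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
spec:
  # privileged, hostNetwork, hostPID, hostIPC and hostPorts are not set, so the
  # PSP defaults apply and all of them are denied.
  # NOTE(review): readOnlyRootFilesystem is not required by this policy; confirm
  # whether the patch job can run with it before tightening.
  allowPrivilegeEscalation: false
  # Group ranges start at 1, so GID 0 is rejected for fsGroup.
  fsGroup:
    ranges:
      - max: 65535
        min: 1
    rule: MustRunAs
  requiredDropCapabilities:
    - ALL
  runAsUser:
    rule: MustRunAsNonRoot
  # RunAsAny places no constraint on the SELinux context of the pod.
  seLinux:
    rule: RunAsAny
  # Same 1-65535 range as fsGroup: GID 0 is rejected as a supplemental group.
  supplementalGroups:
    ranges:
      - max: 65535
        min: 1
    rule: MustRunAs
  # Allow-list of volume types; hostPath is absent, so host filesystem mounts
  # are rejected.
  volumes:
    - configMap
    - emptyDir
    - projected
    - secret
    - downwardAPI
{{- end }}
{{- end }}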