C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
c12s-kubespray/roles/kubernetes-apps/cluster_roles/templates/psp.yml.j2
Wang Zhen d62836f2ab
Replace seccomp profile docker/default with runtime/default (#6170) 
Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
2020-05-27 14:02:02 -07:00

28 lines
947 B
Django/Jinja
Raw Blame History

---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: restricted
annotations:
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
{% if apparmor_enabled %}
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
{% endif %}
labels:
addonmanager.kubernetes.io/mode: Reconcile
spec:
{{ podsecuritypolicy_restricted_spec | to_yaml(indent=2, width=1337) | indent(width=2) }}
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: privileged
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
labels:
addonmanager.kubernetes.io/mode: Reconcile
spec:
{{ podsecuritypolicy_privileged_spec | to_yaml(indent=2, width=1337) | indent(width=2) }}
Reference in a new issue View git blame Copy permalink