Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- apiVersion: policy/v1beta1
- kind: PodSecurityPolicy
- metadata:
- name: podsecurity
- spec:
- privileged: true
- allowPrivilegeEscalation: true
- allowedCapabilities:
- - '*'
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- runAsUser:
- rule: RunAsAny
- fsGroup:
- rule: RunAsAny
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- name: clusterrole-podsecurity
- rules:
- - apiGroups: ["policy"]
- resources: ["podsecuritypolicies"]
- verbs: ["use"]
- resourceNames:
- - podsecurity
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: clusterrolebinding-podsecurity
- roleRef:
- kind: ClusterRole
- name: clusterrole-podsecurity
- apiGroup: rbac.authorization.k8s.io
- subjects:
- - kind: Group
- apiGroup: rbac.authorization.k8s.io
- name: system:serviceaccounts
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
