SHARE
TWEET

Untitled

a guest Jul 18th, 2019 84 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. apiVersion: policy/v1beta1
  2. kind: PodSecurityPolicy
  3. metadata:
  4.   name: podsecurity
  5. spec:
  6.   privileged: true
  7.   allowPrivilegeEscalation: true
  8.   allowedCapabilities:
  9.   - '*'
  10.   seLinux:
  11.     rule: RunAsAny
  12.   supplementalGroups:
  13.     rule: RunAsAny
  14.   runAsUser:
  15.     rule: RunAsAny
  16.   fsGroup:
  17.     rule: RunAsAny
  18. ---
  19. apiVersion: rbac.authorization.k8s.io/v1
  20. kind: ClusterRole
  21. metadata:
  22.   name: clusterrole-podsecurity
  23. rules:
  24. - apiGroups: ["policy"]
  25.   resources: ["podsecuritypolicies"]
  26.   verbs: ["use"]
  27.   resourceNames:
  28.   - podsecurity
  29. ---
  30. apiVersion: rbac.authorization.k8s.io/v1
  31. kind: ClusterRoleBinding
  32. metadata:
  33.   name: clusterrolebinding-podsecurity
  34. roleRef:
  35.   kind: ClusterRole
  36.   name: clusterrole-podsecurity
  37.   apiGroup: rbac.authorization.k8s.io
  38. subjects:
  39.   - kind: Group
  40.     apiGroup: rbac.authorization.k8s.io
  41.     name: system:serviceaccounts
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top