blob: 1d1df971e9e360760d7920b5cd30d391770a2fe3 [file] [log] [blame]
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
name: restricted
spec:
privileged: false
allowPrivilegeEscalation: false
defaultAllowPrivilegeEscalation: false
hostNetwork: false
hostPID: false
hostIPC: false
hostNetwork: false
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: MustRunAsNonRoot
fsGroup:
rule: RunAsAny
volumes:
- '*'
allowedCapabilities:
- '*'
hostPorts:
- min: 8000
max: 9999