ingress-nginx-helm/charts/ingress-nginx/templates/default-backend-psp.yaml

{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
kind: PodSecurityPolicy
metadata:
  name: {{ template "nginx-ingress.fullname" . }}-backend
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
spec:
  allowPrivilegeEscalation: false
  fsGroup:
    ranges:
    - max: 65535
      min: 1
    rule: MustRunAs
  requiredDropCapabilities:
  - ALL
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    ranges:
    - max: 65535
      min: 1
    rule: MustRunAs
  volumes:
  - configMap
  - emptyDir
  - projected
  - secret
  - downwardAPI
{{- end -}}
Start migration of helm chart (#5159) 2020-02-24 19:25:57 +00:00			`{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}`
			`apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}`
			`kind: PodSecurityPolicy`
			`metadata:`
			`name: {{ template "nginx-ingress.fullname" . }}-backend`
			`labels:`
			`app: {{ template "nginx-ingress.name" . }}`
			`chart: {{ template "nginx-ingress.chart" . }}`
			`heritage: {{ .Release.Service }}`
			`release: {{ .Release.Name }}`
			`spec:`
			`allowPrivilegeEscalation: false`
			`fsGroup:`
			`ranges:`
			`- max: 65535`
			`min: 1`
			`rule: MustRunAs`
			`requiredDropCapabilities:`
			`- ALL`
			`runAsUser:`
			`rule: MustRunAsNonRoot`
			`seLinux:`
			`rule: RunAsAny`
			`supplementalGroups:`
			`ranges:`
			`- max: 65535`
			`min: 1`
			`rule: MustRunAs`
			`volumes:`
			`- configMap`
			`- emptyDir`
			`- projected`
			`- secret`
			`- downwardAPI`
			`{{- end -}}`