policyDefinitions/Kubernetes/allowed-users/constraint.yaml (23 lines of code) (raw):

# Gatekeeper constraint of kind K8sAzureAllowedUsers that restricts the user
# and group IDs a Pod may run with. Every {{ .Values.* }} placeholder is
# filled in by a template renderer, so this file has to be rendered before it
# is applied; the placeholders are not literal values.
# NOTE(review): the placeholders are unquoted, presumably so that list values
# render as sequences rather than strings - confirm against the renderer
# before adding quotes.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sAzureAllowedUsers
metadata:
  name: azure-psp-pods-allowed-user-ranges
spec:
  # No enforcementAction is set in this spec. Gatekeeper treats an absent
  # value as deny, unless the deployment tooling injects a different one.
  match:
    # Pods in these namespaces are not evaluated by this constraint, so every
    # entry is an exemption from the ID restrictions below. Review the
    # rendered list and keep it as short as possible.
    excludedNamespaces: {{ .Values.excludedNamespaces }}
    kinds:
      # "" is the core API group; only Pod objects are matched.
      - apiGroups: [""]
        kinds: ["Pod"]
  # Four settings, each pairing a rule with a list of ID ranges. The key names
  # mirror the Pod securityContext fields; how rule and ranges are evaluated
  # is defined by the K8sAzureAllowedUsers ConstraintTemplate, not shown here.
  # NOTE(review): the constraint name suggests PodSecurityPolicy semantics.
  # If so, a rule of RunAsAny makes the paired ranges irrelevant, and any
  # range that includes 0 admits root - confirm against the template and
  # check the rendered values.
  parameters:
    # User ID of the container process.
    runAsUser:
      rule: {{ .Values.runAsUserRule }}
      ranges: {{ .Values.runAsUserRanges }}
    # Primary group ID of the container process.
    runAsGroup:
      rule: {{ .Values.runAsGroupRule }}
      ranges: {{ .Values.runAsGroupRanges }}
    # Additional group IDs added to the container process.
    supplementalGroups:
      rule: {{ .Values.supplementalGroupsRule }}
      ranges: {{ .Values.supplementalGroupsRanges }}
    # Group ID applied to mounted volumes.
    fsGroup:
      rule: {{ .Values.fsGroupRule }}
      ranges: {{ .Values.fsGroupRanges }}