built-in-references/Kubernetes/allowed-users-groups/constraint.yaml (15 lines of code) (raw):
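# Gatekeeper constraint of kind K8sAzureAllowedUsersGroups. It is a template:
# every `{{ .Values.* }}` token is substituted before the document is parsed,
# so the raw file is not loadable by a plain YAML parser. The tokens are left
# unquoted on purpose, because quoting would turn a rendered list or object
# into a string.
# NOTE(review): the nesting below was restored from a listing that had lost
# its indentation; it follows the standard Gatekeeper constraint layout
# (spec.match / spec.parameters). Confirm against the upstream file.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sAzureAllowedUsersGroups
metadata:
  name: psp-allowed-users-groups
spec:
  # No enforcementAction is set in this file, so Gatekeeper's default (deny)
  # applies unless the deploying tooling sets one.
  match:
    # Namespaces listed here are exempt from the constraint altogether.
    # Keep the rendered list minimal and review every addition, since each
    # entry is a namespace where the user/group limits are not checked.
    excludedNamespaces: {{ .Values.excludedNamespaces }}
    kinds:
      # Core API group (""), Pod objects only.
      - apiGroups: [""]
        kinds: ["Pod"]
  # The four parameters are passed to the constraint template, which is not
  # shown on this page. By name they limit the user ID, primary group ID,
  # supplemental groups and fsGroup a Pod may request. The accepted schema
  # (rule names, ID ranges) is defined by that template, so confirm it there.
  # NOTE(review): an empty or missing value renders as null. Check how the
  # template treats a null parameter before relying on the constraint.
  parameters:
    runAsUser: {{ .Values.runAsUser }}
    runAsGroup: {{ .Values.runAsGroup }}
    supplementalGroups: {{ .Values.supplementalGroups }}
    fsGroup: {{ .Values.fsGroup }}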