apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sAzureVolumeTypes metadata: name: psp-volume-types spec: match: excludedNamespaces: {{ .Values.excludedNamespaces }} kinds: - apiGroups: [""] kinds: ["Pod"] parameters: volumes: {{ .Values.volumes }} # - "*" # * may be used to allow all volume types # - configMap # - emptyDir # - projected # - secret # - downwardAPI # - persistentVolumeClaim # - hostPath #required for allowedHostPaths # - flexVolume #required for allowedFlexVolumes