{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: {{ template "sscdpa.psp.fullname" . }} {{ include "sscdpa.labels" . | indent 2 }} spec: seLinux: rule: RunAsAny privileged: true volumes: - hostPath - secret hostNetwork: true hostPorts: - min: 0 max: 65535 fsGroup: rule: RunAsAny runAsUser: rule: RunAsAny supplementalGroups: rule: RunAsAny {{- end }}