1 {{- if .Values.podSecurityPolicy.enabled }}
2 apiVersion: policy/v1beta1
3 kind: PodSecurityPolicy
5 name: {{ template "kube-state-metrics.fullname" . }}
7 app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
8 helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
9 app.kubernetes.io/managed-by: {{ .Release.Service }}
10 app.kubernetes.io/instance: {{ .Release.Name }}
11 {{- if .Values.podSecurityPolicy.annotations }}
13 {{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
23 rule: 'MustRunAsNonRoot'
29 # Forbid adding the root group.
35 # Forbid adding the root group.
38 readOnlyRootFilesystem: false