1 {{- if .Values.rbac.create }}
2 {{- if .Values.podSecurityPolicy.enabled }}
3 apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
4 kind: PodSecurityPolicy
6 name: {{ template "prometheus.alertmanager.fullname" . }}
8 {{- include "prometheus.alertmanager.labels" . | nindent 4 }}
10 {{- if .Values.alertmanager.podSecurityPolicy.annotations }}
11 {{ toYaml .Values.alertmanager.podSecurityPolicy.annotations | indent 4 }}
15 allowPrivilegeEscalation: false
16 requiredDropCapabilities:
20 - 'persistentVolumeClaim'
26 - pathPrefix: {{ .Values.alertmanager.persistentVolume.mountPath }}
37 # Forbid adding the root group.
43 # Forbid adding the root group.
46 readOnlyRootFilesystem: true