1 {{- if and .Values.nodeExporter.enabled .Values.rbac.create }}
2 {{- if .Values.podSecurityPolicy.enabled }}
3 apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
4 kind: PodSecurityPolicy
6 name: {{ template "prometheus.nodeExporter.fullname" . }}
8 {{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
10 {{- if .Values.nodeExporter.podSecurityPolicy.annotations }}
11 {{ toYaml .Values.nodeExporter.podSecurityPolicy.annotations | indent 4 }}
15 allowPrivilegeEscalation: false
16 requiredDropCapabilities:
27 {{- range .Values.nodeExporter.extraHostPathMounts }}
28 - pathPrefix: {{ .hostPath }}
29 readOnly: {{ .readOnly }}
31 hostNetwork: {{ .Values.nodeExporter.hostNetwork }}
32 hostPID: {{ .Values.nodeExporter.hostPID }}
41 # Forbid adding the root group.
47 # Forbid adding the root group.
50 readOnlyRootFilesystem: false