1 {{- if .Values.rbac.create }}
2 {{- if .Values.podSecurityPolicy.enabled }}
3 apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
4 kind: PodSecurityPolicy
6 name: {{ template "prometheus.pushgateway.fullname" . }}
8 {{- include "prometheus.pushgateway.labels" . | nindent 4 }}
10 {{- if .Values.pushgateway.podSecurityPolicy.annotations }}
11 {{ toYaml .Values.pushgateway.podSecurityPolicy.annotations | indent 4 }}
15 allowPrivilegeEscalation: false
16 requiredDropCapabilities:
19 - 'persistentVolumeClaim'
22 - pathPrefix: {{ .Values.pushgateway.persistentVolume.mountPath }}
33 # Forbid adding the root group.
39 # Forbid adding the root group.
42 readOnlyRootFilesystem: true