1 {{- if .Values.rbac.create }}
2 {{- if .Values.podSecurityPolicy.enabled }}
3 apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
4 kind: PodSecurityPolicy
6 name: {{ template "prometheus.server.fullname" . }}
8 {{- include "prometheus.server.labels" . | nindent 4 }}
10 {{- if .Values.server.podSecurityPolicy.annotations }}
11 {{ toYaml .Values.server.podSecurityPolicy.annotations | indent 4 }}
15 allowPrivilegeEscalation: false
20 - 'persistentVolumeClaim'
27 - pathPrefix: {{ .Values.server.persistentVolume.mountPath }}
28 {{- range .Values.server.extraHostPathMounts }}
29 - pathPrefix: {{ .hostPath }}
30 readOnly: {{ .readOnly }}
42 # Forbid adding the root group.
48 # Forbid adding the root group.
51 readOnlyRootFilesystem: false