{{- if .Values.rbac.pspEnabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: {{ template "prometheus-postgres-exporter.fullname" . }} labels: app: {{ template "prometheus-postgres-exporter.name" . }} chart: {{ template "prometheus-postgres-exporter.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} annotations: seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' spec: privileged: false allowPrivilegeEscalation: false requiredDropCapabilities: - ALL volumes: - 'configMap' - 'emptyDir' - 'projected' - 'secret' - 'downwardAPI' hostNetwork: false hostIPC: false hostPID: false runAsUser: rule: 'RunAsAny' seLinux: rule: 'RunAsAny' supplementalGroups: rule: 'RunAsAny' fsGroup: rule: 'RunAsAny' readOnlyRootFilesystem: false {{- end }}