Add securityPolicies value for PSP deployment
This MR implements support for PSP so users could active loaded profiles for multiple pods via PSP.
related to gitlab-org/gitlab#223816 (closed)
Examples:
# Source: apparmor/templates/psp.yaml
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: release-name-apparmor-example
annotations:
spec:
fsGroup:
rule: RunAsAny
privileged: false
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- '*'
# Source: apparmor/templates/psp.yaml
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: release-name-apparmor-example
annotations:
apparmor.security.beta.kubernetes.io/defaultProfileName: 'profile-one'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'profile-one,profile-two'
spec:
fsGroup:
rule: RunAsAny
privileged: false
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- '*'
Edited by Arthur Evstifeev