---
# PodSecurityPolicy bound to the persistent-volume-binder controller; per its
# own description annotation it governs the recycler pods that controller runs.
#
# NOTE(review): PodSecurityPolicy (policy/v1beta1) was deprecated in
# Kubernetes v1.21 and removed in v1.25. On newer clusters this object is not
# served, so the restrictions below have to be re-expressed with Pod Security
# Admission or an admission-policy engine.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: gce.persistent-volume-binder
  annotations:
    kubernetes.io/description: >-
      Policy used by the persistent-volume-binder
      (a.k.a. persistentvolume-controller) to run recycler pods.
    # Seccomp profile applied to pods that do not request one themselves.
    # 'docker/default' is the legacy name for 'runtime/default'.
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    # Only these profiles are admitted; 'unconfined' is not in the list, so a
    # pod asking for no seccomp filtering is rejected under this policy.
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: runtime/default,docker/default
  labels:
    # Quoted on purpose: label values must be strings, not YAML booleans.
    kubernetes.io/cluster-service: 'true'
    # Managed by the addon manager in Reconcile mode, so in-cluster edits to
    # this object are expected to be reverted to this manifest.
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  # Privileged containers are rejected.
  privileged: false
  # Allow-list of volume types. hostPath is absent, so pods admitted under
  # this policy cannot mount node filesystem paths directly.
  volumes:
    - nfs
    - secret  # Required for service account credentials.
  # No sharing of the node's network, IPC or PID namespaces.
  hostNetwork: false
  hostIPC: false
  hostPID: false
  # RunAsAny places no constraint on the UID, so containers may run as root.
  # NOTE(review): presumably the recycler needs root to scrub files owned by
  # arbitrary users; confirm before tightening to MustRunAsNonRoot.
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # The container root filesystem is not required to be read-only.
  readOnlyRootFilesystem: false
  # NOTE(review): allowPrivilegeEscalation and requiredDropCapabilities are
  # not set. For PSP that means privilege escalation is allowed by default and
  # the runtime's default capability set is kept. Combined with
  # runAsUser: RunAsAny, check whether the recycler image works with
  # allowPrivilegeEscalation: false and requiredDropCapabilities: [ALL].