| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 |
- ---
- apiVersion: policy/v1beta1
- kind: PodSecurityPolicy
- metadata:
- name: jitsi-privileged
- spec:
- allowPrivilegeEscalation: true
- fsGroup:
- rule: RunAsAny
- hostIPC: false
- hostNetwork: true
- hostPID: true
- hostPorts:
- - max: 65535
- min: 0
- privileged: true
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - persistentVolumeClaim
- - projected
- - secret
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
- name: jitsi-privileged
- namespace: jitsi
- rules:
- - apiGroups:
- - policy
- resources:
- - podsecuritypolicies
- resourceNames:
- - jitsi-privileged
- verbs:
- - use
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
- name: jitsi-privileged
- namespace: jitsi
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: jitsi-privileged
- subjects:
- - kind: ServiceAccount
- name: jitsi
|
