-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpsp_windows.yaml
30 lines (29 loc) · 907 Bytes
/
psp_windows.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: csi-gce-pd-node-psp-win
spec:
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny
seLinux:
rule: RunAsAny
volumes:
- '*'
hostNetwork: true
allowedHostPaths:
- pathPrefix: \var\lib\kubelet
- pathPrefix: \var\lib\kubelet\plugins_registry
- pathPrefix: \var\lib\kubelet\plugins\pd.csi.storage.gke.io
- pathPrefix: \\.\pipe\csi-proxy-disk-v1
- pathPrefix: \\.\pipe\csi-proxy-volume-v1
- pathPrefix: \\.\pipe\csi-proxy-filesystem-v1
# these paths are allowed only for compatibility mode if the PD CSI driver
# is using the CSI Proxy v1 client and the node is still using the
# beta version of the CSI proxy
- pathPrefix: \\.\pipe\csi-proxy-disk-v1beta2
- pathPrefix: \\.\pipe\csi-proxy-volume-v1beta1
- pathPrefix: \\.\pipe\csi-proxy-filesystem-v1beta1