{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: {{ include "grafana.fullname" . }}-test annotations: "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }} "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" labels: {{- include "grafana.labels" . | nindent 4 }} spec: allowPrivilegeEscalation: true privileged: false hostNetwork: false hostIPC: false hostPID: false fsGroup: rule: RunAsAny seLinux: rule: RunAsAny supplementalGroups: rule: RunAsAny runAsUser: rule: RunAsAny volumes: - configMap - downwardAPI - emptyDir - projected - csi - secret {{- end }}