SDFAB-998 Move omec-user-plane from aether-helm-chart to sdfabric-helm-chart
It is renamed to bess-upf.
The license is also updated to Apache 2.0.
We also remove omec-upf-cni which is no longer in use.
Change-Id: Ie9ce877c13203a76bf90d24918734ded33587157
diff --git a/bess-upf/templates/podsecuritypolicy-upf.yaml b/bess-upf/templates/podsecuritypolicy-upf.yaml
new file mode 100644
index 0000000..2578f6c
--- /dev/null
+++ b/bess-upf/templates/podsecuritypolicy-upf.yaml
@@ -0,0 +1,48 @@
+{{/*
+# Copyright 2020-present Open Networking Foundation
+# SPDX-License-Identifier: Apache-2.0
+*/}}
+
+{{- if .Values.podsecuritypolicy.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: 1-upf
+spec:
+ {{ if or .Values.config.coreDump.enabled .Values.config.upf.privileged }}
+ privileged: true
+ allowPrivilegeEscalation: true
+ {{ else }}
+ privileged: false
+ allowPrivilegeEscalation: false
+ {{ end }}
+ allowedCapabilities:
+ - IPC_LOCK
+ - NET_ADMIN
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'secret'
+ {{- if .Values.config.coreDump.enabled }}
+ - 'hostPath'
+ allowedHostPaths:
+ - pathPrefix: "/"
+ - pathPrefix: "/tmp/coredump"
+ {{- end }}
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ runAsUser:
+ rule: RunAsAny
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+{{- end }}
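Review bot: The `- pathPrefix: "/"` entry under `allowedHostPaths` (in the `coreDump.enabled` branch) allows a pod admitted by this policy to mount any host path, which makes the `/tmp/coredump` entry after it redundant. If the hostPath volume is only there to collect core dumps, drop the `"/"` line and keep `- pathPrefix: "/tmp/coredump"` as the sole entry. The same value also flips `privileged` and `allowPrivilegeEscalation` to `true` through the `or` at the top of `spec`, so turning on core dumps grants a privileged pod together with unrestricted host filesystem access; a comment above that `if`, such as `# coreDump.enabled also makes the pod privileged`, would make the coupling visible to whoever sets the value. Separately, `runAsUser: RunAsAny` still admits UID 0 even though the `supplementalGroups` and `fsGroup` ranges exclude the root group, so `MustRunAsNonRoot` is worth considering if the UPF container does not need to start as root (not visible from this hunk).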