{{- if .Values.podSecurityPolicy.create -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: {{ template "cadvisor.name" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "cadvisor.labels" . | nindent 4}}
spec:
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:
  - '*'
  {{ if .Values.podSecurityPolicy.privileged }}
  privileged: true
  {{- end }}
  allowedHostPaths:
  {{- range .Values.container.hostPaths }}
  - pathPrefix: {{ .path }}
  {{- end }}
{{- end -}}