apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: nfs-provisioner spec: fsGroup: rule: RunAsAny allowedCapabilities: - DAC_READ_SEARCH - SYS_RESOURCE runAsUser: rule: RunAsAny seLinux: rule: RunAsAny supplementalGroups: rule: RunAsAny volumes: - configMap - downwardAPI - emptyDir - persistentVolumeClaim - secret - hostPath