From 65c8a1f66c14a2cb2223d5ab12340fa4b2d88f95 Mon Sep 17 00:00:00 2001
From: Paul Weil
Date: Mon, 9 May 2016 10:31:25 -0400
Subject: [PATCH] default policy
---
.../podsecuritypolicies/privileged.yaml | 32 +++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 cluster/addons/podsecuritypolicies/privileged.yaml
diff --git a/cluster/addons/podsecuritypolicies/privileged.yaml b/cluster/addons/podsecuritypolicies/privileged.yaml
new file mode 100644
index 00000000000..345c0797cc6
--- /dev/null
+++ b/cluster/addons/podsecuritypolicies/privileged.yaml
@@ -0,0 +1,32 @@
+apiVersion: extensions/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ annotations:
+ kubernetes.io/description: 'privileged allows access to all privileged and host
+ features and the ability to run as any user, any group, any fsGroup, and with
+ any SELinux context.'
+ creationTimestamp: 2016-05-06T19:28:58Z
+ name: privileged
+spec:
+ privileged: true
+ defaultAddCapabilities: null
+ requiredDropCapabilities: null
+ allowedCapabilities: null
+ volumes:
+ - '*'
+ hostNetwork: true
+ hostPorts:
+ -
+ min: 0
+ max: 65535
+ hostIPC: true
+ hostPID: true
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'RunAsAny'
+ fsGroup:
+ rule: 'RunAsAny'
+ readOnlyRootFilesystem: false
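Review bot: Nothing in the new file or the commit message says which workloads are meant to be admitted under this policy, yet `spec` enables every host-level allowance at once (`privileged: true`, `hostNetwork`, `hostPID`, `hostIPC`, `volumes: '*'`, the full `hostPorts` range and `RunAsAny` for every rule). If it ships as a cluster addon with no tighter policy beside it and no restriction on who may use it (neither is visible in this commit), pod admission would presumably accept any pod spec, so the `kubernetes.io/description` annotation should at least state that the policy is intended for trusted system components only. Separately, `creationTimestamp: 2016-05-06T19:28:58Z` looks like residue from exporting a live object and should be dropped from a checked-in manifest, since the API server populates that field. It is also worth confirming that `allowedCapabilities: null` matches the description's "all privileged and host features", because a non-privileged container requesting an added capability may still be rejected under it.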