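---
# Minimal PodSecurityPolicy example. The only restriction it enforces is
# `privileged: false`; every other field is set to its most permissive value
# purely to satisfy the schema.
#
# NOTE: PodSecurityPolicy (policy/v1beta1) was deprecated in Kubernetes v1.21
# and removed in v1.25. On current clusters use Pod Security Admission or a
# policy admission webhook instead.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example
spec:
  # Don't allow privileged pods!
  # This rejects containers that request `securityContext.privileged: true`.
  # It does not restrict privilege escalation inside a container: that is a
  # separate field (`allowPrivilegeEscalation`), which this policy leaves
  # unset.
  privileged: false
  # The rest fills in some required fields.
  # Each rule below imposes no constraint, so this policy should not be read
  # as a hardened baseline.
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    # RunAsAny permits containers to run as root (UID 0); `MustRunAsNonRoot`
    # is the restrictive alternative.
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:
    # '*' admits every volume type, including hostPath. List the required
    # types explicitly when node filesystem access must be prevented.
    - '*'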