# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: caas-infra
rule: RunAsAny
allowedCapabilities:
- NET_BIND_SERVICE
+ - SETGID
+ - SETUID
- ALL
- IPC_LOCK
- SYS_RESOURCE