apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: cadvisor
spec:
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:
  - '*'
  allowedHostPaths:
  - pathPrefix: "/"
  - pathPrefix: "/var/run"
  - pathPrefix: "/sys"
  - pathPrefix: "/var/lib/docker"
  - pathPrefix: "/dev/disk"