Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8cbd53ed64
Branches Tags
okd
/
roles
/
openshift_examples
/
files
/
examples
/
v3.7
/
cfme-templates
/
cfme-scc-sysadmin.yaml

cfme-scc-sysadmin.yaml 875 B
History Raw

1234567891011121314151617181920212223242526272829303132333435363738 
  1. allowHostDirVolumePlugin: false
    2. 

  2. allowHostIPC: false
    3. 

  3. allowHostNetwork: false
    4. 

  4. allowHostPID: false
    5. 

  5. allowHostPorts: false
    6. 

  6. allowPrivilegedContainer: false
    7. 

  7. allowedCapabilities:
    8. 

  8. apiVersion: v1
    9. 

  9. defaultAddCapabilities:
    10. 

  10. - SYS_ADMIN
    11. 

  11. fsGroup:
    12. 

  12.   type: RunAsAny
    13. 

  13. groups:
    14. 

  14. - system:cluster-admins
    15. 

  15. kind: SecurityContextConstraints
    16. 

  16. metadata:
    17. 

  17.   annotations:
    18. 

  18.     kubernetes.io/description: cfme-sysadmin provides all features of the anyuid SCC but allows users to have SYS_ADMIN capabilities. This is the required scc for Pods requiring to run with systemd and the message bus.
    19. 

  19.   creationTimestamp:
    20. 

  20.   name: cfme-sysadmin
    21. 

  21. priority: 10
    22. 

  22. readOnlyRootFilesystem: false
    23. 

  23. requiredDropCapabilities:
    24. 

  24. - MKNOD
    25. 

  25. - SYS_CHROOT
    26. 

  26. runAsUser:
    27. 

  27.   type: RunAsAny
    28. 

  28. seLinuxContext:
    29. 

  29.   type: MustRunAs
    30. 

  30. supplementalGroups:
    31. 

  31.   type: RunAsAny
    32. 

  32. users:
    33. 

  33. volumes:
    34. 

  34. - configMap
    35. 

  35. - downwardAPI
    36. 

  36. - emptyDir
    37. 

  37. - persistentVolumeClaim
    38. 

  38. - secret
    39.