@DanyC97
Created May 23, 2018 21:38
apiVersion: v1
kind: ServiceAccount
metadata:
  name: foo-sa
  namespace: foo
---
kind: SecurityContextConstraints
apiVersion: v1
metadata:
  annotations:
    kubernetes.io/description: FOO restricted SCC with hostPath volume enabled
  name: foo-scc-restricted
priority: null
defaultAddCapabilities: null
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegedContainer: false
allowedCapabilities: null
# Permits pods admitted under this SCC to mount hostPath volumes.
allowHostDirVolumePlugin: true
allowedFlexVolumes: null
readOnlyRootFilesystem: false
requiredDropCapabilities:
- KILL
- MKNOD
- SYS_CHROOT
# RunAsAny places no restriction on the container UID, so UID 0 is allowed.
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: MustRunAs
supplementalGroups:
  type: RunAsAny
fsGroup:
  type: MustRunAs
# The SCC is granted to the foo-sa service account in namespace foo ...
users:
- system:serviceaccount:foo:foo-sa
# ... and also to every authenticated user through this group binding.
groups:
- system:authenticated
volumes:
- configMap
- emptyDir
- hostPath
- persistentVolumeClaim
- secret