@fenar
Created August 22, 2024 20:50
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: alloy-logs-scc
allowHostDirVolumePlugin: true
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: false
allowPrivilegedContainer: false
allowedCapabilities:
- DAC_READ_SEARCH
- CHOWN
- DAC_OVERRIDE
- FOWNER
- SETGID
- SETUID
- SETPCAP
- SYS_CHROOT
- AUDIT_WRITE
- SETFCAP
requiredDropCapabilities:
- MKNOD
- FSETID
- KILL
- NET_BIND_SERVICE
- NET_RAW
defaultAddCapabilities: []
fsGroup:
  type: MustRunAs
  ranges:
  - min: 473
    max: 473
runAsUser:
  type: MustRunAsNonRoot
seLinuxContext:
  type: RunAsAny
supplementalGroups:
  type: MustRunAs
  ranges:
  - min: 473
    max: 473
users:
- "system:serviceaccount:monitoring:alloy-logs"
volumes:
- configMap
- secret
- emptyDir
- hostPath