@mdrakiburrahman
Last active May 6, 2022 17:04
SCCs for Bootstrapper 1.3.0_2022-01-27
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: arc-data-scc
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
# Containers may gain more privileges than their parent process (for example via setuid binaries).
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
# Capabilities a pod may request; none are added by default (defaultAddCapabilities is null).
allowedCapabilities:
  - SETUID
  - SETGID
  - CHOWN
  - SYS_PTRACE
defaultAddCapabilities: null
fsGroup:
  type: RunAsAny
groups: []
priority: null
readOnlyRootFilesystem: false
requiredDropCapabilities:
  - KILL
  - MKNOD
runAsUser:
  type: MustRunAsNonRoot
seLinuxContext:
  type: MustRunAs
supplementalGroups:
  type: RunAsAny
users: []
# No hostPath volumes: only these volume types are permitted.
volumes:
  - configMap
  - downwardAPI
  - emptyDir
  - persistentVolumeClaim
  - projected
  - secret
---
# Namespaced Role granting "use" on this one SCC only.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: role-arc-data-scc
rules:
  - apiGroups:
      - security.openshift.io
    resourceNames:
      - arc-data-scc
    resources:
      - securitycontextconstraints
    verbs:
      - use
---
# The subject group system:serviceaccounts matches every service account;
# as a RoleBinding, the grant applies only in the namespace where it is created.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rb-arc-data-scc
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: role-arc-data-scc
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: system:serviceaccounts
---