28 lines
748 B
YAML
28 lines
748 B
YAML
{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints" }}
|
|
kind: SecurityContextConstraints
|
|
apiVersion: security.openshift.io/v1
|
|
metadata:
|
|
name: {{ .Release.Name }}-node-scc
|
|
|
|
allowPrivilegedContainer: true
|
|
allowHostDirVolumePlugin: true
|
|
{{- if or .Values.hostNetwork .Values.pluginConfig.mountProtocol.allowNfsFailback .Values.pluginConfig.mountProtocol.useNfs }}
|
|
allowHostNetwork: true
|
|
{{- end }}
|
|
allowedVolumeTypes:
|
|
- hostPath
|
|
- secret
|
|
readOnlyRootFilesystem: false
|
|
allowHostPorts: true
|
|
runAsUser:
|
|
type: RunAsAny
|
|
seLinuxContext:
|
|
type: RunAsAny
|
|
fsGroup:
|
|
type: RunAsAny
|
|
supplementalGroups:
|
|
type: RunAsAny
|
|
users:
|
|
- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-node
|
|
{{- end }}
|