-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathscc.yaml
39 lines (39 loc) · 998 Bytes
/
scc.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
annotations:
kubernetes.io/description: allow hostpath and host network to be accessible
generation: 1
name: csiaccess
selfLink: /apis/security.openshift.io/v1/securitycontextconstraints/csiaccess
allowHostDirVolumePlugin: true
allowHostIPC: true
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
allowPrivilegeEscalation: true
allowPrivilegedContainer: true
allowedCapabilities:
- '*'
defaultAddCapabilities: []
priority: null
fsGroup:
type: MustRunAs
groups:
- system:authenticated
readOnlyRootFilesystem: false
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
seccompProfiles:
- '*'
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:myproject:ibm-powervc-csi-attacher
- system:serviceaccount:myproject:ibm-powervc-csi-provisioner
- system:serviceaccount:myproject:ibm-powervc-csi-node
- system:serviceaccount:myproject:ibm-powervc-csi-resizer
volumes:
- '*'