Last active
October 6, 2020 08:03
-
-
Save flyingbarron/e78812ccef242a19caf4fe91c9c662be to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # gremlin-scc.yaml | |
| --- | |
| apiVersion: security.openshift.io/v1 | |
| allowHostDirVolumePlugin: true | |
| allowHostIPC: false | |
| allowHostNetwork: false | |
| allowHostPID: true | |
| allowHostPorts: false | |
| allowPrivilegeEscalation: false | |
| allowPrivilegedContainer: false | |
| allowedCapabilities: | |
| - ALL | |
| defaultAddCapabilities: null | |
| fsGroup: | |
| type: RunAsAny | |
| groups: [] | |
| kind: SecurityContextConstraints | |
| metadata: | |
| annotations: | |
| kubernetes.io/description: 'gremlin provides all the features of the | |
| restricted SCC but allows host mounts, any UID by a pod, and forces | |
| the process to run as the gremlin.process SELinux type. This is intended | |
| to be used solely by Gremlin. WARNING: this SCC allows host file | |
| system access as any UID, including UID 0. Grant with caution.' | |
| name: gremlin | |
| priority: null | |
| readOnlyRootFilesystem: false | |
| requiredDropCapabilities: [] | |
| runAsUser: | |
| type: RunAsAny | |
| seLinuxContext: | |
| seLinuxOptions: | |
| type: gremlin.process | |
| type: MustRunAs | |
| seccompProfiles: | |
| - unconfined | |
| supplementalGroups: | |
| type: RunAsAny | |
| volumes: | |
| - configMap | |
| - emptyDir | |
| - hostPath | |
| - persistentVolumeClaim | |
| - secret |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment