nanox · September 20, 2024 23:10
diff --git a/discover-deployments-with-special-scc.sh b/discover-deployments-with-special-scc.sh
 for NAMESPACE in $(oc get namespace --no-headers | awk '{print $1}' | grep -v "openshift-*") ;
 do
  oc get deployment,deploymentconfig -o name -n $NAMESPACE |\
  xargs -n 1 -I OBJECT oc get OBJECT -o json -n $NS 2>/dev/null |\
  jq -r 'select(.spec.template.spec.containers[].securityContext!={}) |
  "Kind: " + .metadata.kind,
  "NAME: " + .metadata.name,
  "NAMESPACE: " + .metadata.namespace,
  "To see the exact SCC, run:",
  "oc get " + .kind + " " + .metadata.name + " -n " .metadata.namespace + " -o jsonpath={.spec.template.spec.containers[].securityContext} | jq .",
  "\n"'
 done
	for NAMESPACE in $(oc get namespace --no-headers \| awk '{print $1}' \| grep -v "openshift-*") ;
	do
	oc get deployment,deploymentconfig -o name -n $NAMESPACE \|\
	xargs -n 1 -I OBJECT oc get OBJECT -o json -n $NS 2>/dev/null \|\
	jq -r 'select(.spec.template.spec.containers[].securityContext!={}) \|
	"Kind: " + .metadata.kind,
	"NAME: " + .metadata.name,
	"NAMESPACE: " + .metadata.namespace,
	"To see the exact SCC, run:",
	"oc get " + .kind + " " + .metadata.name + " -n " .metadata.namespace + " -o jsonpath={.spec.template.spec.containers[].securityContext} \| jq .",
	"\n"'
	done