diff options
author | Suren A. Chilingaryan <csa@suren.me> | 2018-02-28 23:46:55 +0100 |
---|---|---|
committer | Suren A. Chilingaryan <csa@suren.me> | 2018-02-28 23:46:55 +0100 |
commit | 1f3e2a9f59e83dc3f0fcbecf096a7e7b40d36ed7 (patch) | |
tree | c75d04456ab3593442734bec3d84c90e4b973f27 /setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl | |
parent | fe4622305efa55e6bec8221efe8fc4bdd5462136 (diff) | |
download | ands-1f3e2a9f59e83dc3f0fcbecf096a7e7b40d36ed7.tar.gz ands-1f3e2a9f59e83dc3f0fcbecf096a7e7b40d36ed7.tar.bz2 ands-1f3e2a9f59e83dc3f0fcbecf096a7e7b40d36ed7.tar.xz ands-1f3e2a9f59e83dc3f0fcbecf096a7e7b40d36ed7.zip |
First running prototype
Diffstat (limited to 'setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl')
-rw-r--r-- | setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl | 43 |
1 files changed, 0 insertions, 43 deletions
diff --git a/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl b/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl deleted file mode 100644 index d155267..0000000 --- a/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl +++ /dev/null @@ -1,43 +0,0 @@ ---- -allowHostDirVolumePlugin: false -allowHostIPC: false -allowHostNetwork: false -allowHostPID: false -allowHostPorts: false -allowPrivilegedContainer: false -allowedCapabilities: null -apiVersion: v1 -defaultAddCapabilities: null -fsGroup: - type: MustRunAs -groups: -- system:authenticated -kind: SecurityContextConstraints -metadata: - annotations: - kubernetes.io/description: restricted denies access to all host features and requires - pods to be run with a UID, and SELinux context that are allocated to the namespace. This - is the most restrictive SCC. - creationTimestamp: null - name: katrin-restricted -priority: null -readOnlyRootFilesystem: false -requiredDropCapabilities: -- KILL -- MKNOD -- SYS_CHROOT -- SETUID -- SETGID -runAsUser: - type: MustRunAsRange -seLinuxContext: - type: MustRunAs -supplementalGroups: - type: RunAsAny -volumes: -- glusterfs -- configMap -- downwardAPI -- emptyDir -- persistentVolumeClaim -- secret |