diff options
Diffstat (limited to 'roles/openshift_cfme/files/templates/cloudforms/cfme-scc-sysadmin.yaml')
-rw-r--r-- | roles/openshift_cfme/files/templates/cloudforms/cfme-scc-sysadmin.yaml | 38 |
1 files changed, 0 insertions, 38 deletions
diff --git a/roles/openshift_cfme/files/templates/cloudforms/cfme-scc-sysadmin.yaml b/roles/openshift_cfme/files/templates/cloudforms/cfme-scc-sysadmin.yaml deleted file mode 100644 index d2ece9298..000000000 --- a/roles/openshift_cfme/files/templates/cloudforms/cfme-scc-sysadmin.yaml +++ /dev/null @@ -1,38 +0,0 @@ -allowHostDirVolumePlugin: false -allowHostIPC: false -allowHostNetwork: false -allowHostPID: false -allowHostPorts: false -allowPrivilegedContainer: false -allowedCapabilities: -apiVersion: v1 -defaultAddCapabilities: -- SYS_ADMIN -fsGroup: - type: RunAsAny -groups: -- system:cluster-admins -kind: SecurityContextConstraints -metadata: - annotations: - kubernetes.io/description: cfme-sysadmin provides all features of the anyuid SCC but allows users to have SYS_ADMIN capabilities. This is the required scc for Pods requiring to run with systemd and the message bus. - creationTimestamp: - name: cfme-sysadmin -priority: 10 -readOnlyRootFilesystem: false -requiredDropCapabilities: -- MKNOD -- SYS_CHROOT -runAsUser: - type: RunAsAny -seLinuxContext: - type: MustRunAs -supplementalGroups: - type: RunAsAny -users: -volumes: -- configMap -- downwardAPI -- emptyDir -- persistentVolumeClaim -- secret |