From 5402ff05c7f5695bbe60cb6966e57a038c4fe1c0 Mon Sep 17 00:00:00 2001
From: Scott Dodson
Date: Mon, 5 Feb 2018 14:31:47 -0500
Subject: Initial support for 3.10
---
.../v3.10/cfme-templates/cfme-scc-sysadmin.yaml | 38 ++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 roles/openshift_examples/files/examples/v3.10/cfme-templates/cfme-scc-sysadmin.yaml
(limited to 'roles/openshift_examples/files/examples/v3.10/cfme-templates/cfme-scc-sysadmin.yaml')
diff --git a/roles/openshift_examples/files/examples/v3.10/cfme-templates/cfme-scc-sysadmin.yaml b/roles/openshift_examples/files/examples/v3.10/cfme-templates/cfme-scc-sysadmin.yaml
new file mode 100644
index 000000000..d2ece9298
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v3.10/cfme-templates/cfme-scc-sysadmin.yaml
@@ -0,0 +1,38 @@
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegedContainer: false
+allowedCapabilities:
+apiVersion: v1
+defaultAddCapabilities:
+- SYS_ADMIN
+fsGroup:
+ type: RunAsAny
+groups:
+- system:cluster-admins
+kind: SecurityContextConstraints
+metadata:
+ annotations:
+ kubernetes.io/description: cfme-sysadmin provides all features of the anyuid SCC but allows users to have SYS_ADMIN capabilities. This is the required scc for Pods requiring to run with systemd and the message bus.
+ creationTimestamp:
+ name: cfme-sysadmin
+priority: 10
+readOnlyRootFilesystem: false
+requiredDropCapabilities:
+- MKNOD
+- SYS_CHROOT
+runAsUser:
+ type: RunAsAny
+seLinuxContext:
+ type: MustRunAs
+supplementalGroups:
+ type: RunAsAny
+users:
+volumes:
+- configMap
+- downwardAPI
+- emptyDir
+- persistentVolumeClaim
+- secret
--
cgit v1.2.1
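Review bot: `defaultAddCapabilities: - SYS_ADMIN` hands CAP_SYS_ADMIN to every pod admitted under this SCC whether or not the pod asks for it, and the SCC is offered to the whole `system:cluster-admins` group at `priority: 10` with `runAsUser: RunAsAny`, so its reach is wider than the systemd/message-bus pods the description names. If the CFME pod specs can request the capability themselves (not visible in this patch), listing it under `allowedCapabilities` and leaving `defaultAddCapabilities` empty makes it opt-in, and binding the SCC to the CFME service account instead of a group (`groups: []`) narrows who can land on it. The bare `allowedCapabilities:`, `users:` and `creationTimestamp:` keys load as null; writing `[]` for the two lists and dropping `creationTimestamp` states the intent explicitly. A short comment above `defaultAddCapabilities` saying why SYS_ADMIN is needed and that the SCC must not be granted beyond CFME would help whoever audits cluster SCCs later.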