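---
# OpenShift SecurityContextConstraints "cfme-sysadmin".
# Per its own description it mirrors the anyuid SCC and additionally hands out
# CAP_SYS_ADMIN, for pods that run systemd and the message bus.
# Empty fields are written as explicit `null` so they are not mistaken for
# truncated values; the parsed result is the same as a bare `key:`.

# Host-level access stays closed: no hostPath volumes, no host IPC, network,
# PID namespace or ports, and no privileged containers.
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegedContainer: false
# No capabilities may be requested beyond the defaults added below.
allowedCapabilities: null
apiVersion: v1
# SYS_ADMIN is added to every container admitted under this SCC, whether or
# not the pod asked for it. It is a very broad capability, and runAsUser below
# also permits UID 0.
# NOTE(review): the description speaks of *allowing* SYS_ADMIN; if only the
# systemd pods need it, listing it under allowedCapabilities and requesting it
# per pod would narrow the grant. Confirm with the workload owners.
defaultAddCapabilities:
  - SYS_ADMIN
fsGroup:
  type: RunAsAny
# In this file the SCC is bound to this group only; `users` is empty.
groups:
  - system:cluster-admins
kind: SecurityContextConstraints
metadata:
  annotations:
    kubernetes.io/description: >-
      cfme-sysadmin provides all features of the anyuid SCC but allows users
      to have SYS_ADMIN capabilities. This is the required scc for Pods
      requiring to run with systemd and the message bus.
  creationTimestamp: null
  name: cfme-sysadmin
# NOTE(review): SCCs with a higher priority are tried first. Confirm that 10
# does not select this SCC ahead of a tighter one for subjects holding both.
priority: 10
readOnlyRootFilesystem: false
# These capabilities are always dropped from admitted containers.
requiredDropCapabilities:
  - MKNOD
  - SYS_CHROOT
# Any UID is accepted, including root.
runAsUser:
  type: RunAsAny
# SELinux confinement remains enforced (MustRunAs).
seLinuxContext:
  type: MustRunAs
supplementalGroups:
  type: RunAsAny
users: null
# Only these volume types are admitted; hostPath is not among them, which is
# consistent with allowHostDirVolumePlugin: false.
volumes:
  - configMap
  - downwardAPI
  - emptyDir
  - persistentVolumeClaim
  - secret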