removed old rolebinding for peanutflix
This commit is contained in:
@@ -1,38 +0,0 @@
|
|||||||
apiVersion: security.openshift.io/v1
|
|
||||||
kind: SecurityContextConstraints
|
|
||||||
metadata:
|
|
||||||
name: restricted-hostpath
|
|
||||||
allowHostDirVolumePlugin: true # Needed for /dev/dri hostPath
|
|
||||||
allowHostIPC: false
|
|
||||||
allowHostNetwork: false
|
|
||||||
allowHostPID: false
|
|
||||||
allowHostPorts: false
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
allowPrivilegedContainer: false
|
|
||||||
allowedCapabilities: null
|
|
||||||
defaultAddCapabilities: null
|
|
||||||
fsGroup:
|
|
||||||
type: MustRunAs
|
|
||||||
ranges:
|
|
||||||
- min: 1000
|
|
||||||
max: 2000
|
|
||||||
readOnlyRootFilesystem: false
|
|
||||||
requiredDropCapabilities:
|
|
||||||
- ALL
|
|
||||||
runAsUser:
|
|
||||||
type: MustRunAsRange
|
|
||||||
uidRangeMin: 1000
|
|
||||||
uidRangeMax: 2000
|
|
||||||
seLinuxContext:
|
|
||||||
type: MustRunAs
|
|
||||||
supplementalGroups:
|
|
||||||
type: RunAsAny
|
|
||||||
volumes:
|
|
||||||
- configMap
|
|
||||||
- downwardAPI
|
|
||||||
- emptyDir
|
|
||||||
- hostPath # This is what distinguishes it from restricted-s6
|
|
||||||
- persistentVolumeClaim
|
|
||||||
- projected
|
|
||||||
- secret
|
|
||||||
priority: 6 # Higher than restricted-s6 (5) due to hostPath access
|
|
||||||
Reference in New Issue
Block a user