From 215857128a63aaf0da3352f9a41498e2854497a7 Mon Sep 17 00:00:00 2001
From: Conan Scott
Date: Wed, 14 Jan 2026 04:40:57 +0000
Subject: [PATCH] Add Vault SCC with priority 20
---
templates/vault-scc.yaml | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 templates/vault-scc.yaml
diff --git a/templates/vault-scc.yaml b/templates/vault-scc.yaml
new file mode 100644
index 0000000..838adf9
--- /dev/null
+++ b/templates/vault-scc.yaml
@@ -0,0 +1,25 @@
+kind: SecurityContextConstraints
+apiVersion: security.openshift.io/v1
+metadata:
+ name: vault-restricted
+priority: 20
+allowPrivilegedContainer: false
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+runAsUser:
+ type: MustRunAs
+ uid: 100
+seLinuxContext:
+ type: MustRunAs
+fsGroup:
+ type: MustRunAs
+supplementalGroups:
+ type: RunAsAny
+defaultAddCapabilities: []
+requiredDropCapabilities:
+- ALL
+users: []
+groups: []
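Review bot: The SCC is named `vault-restricted` but leaves `allowPrivilegeEscalation` and `volumes` unset, so both are decided by API defaulting rather than by an explicit policy in this file. As far as I recall, an unset `allowPrivilegeEscalation` is treated as allowed and an omitted `volumes` list admits every volume type other than hostPath; that should be confirmed against the target cluster version. I would set both explicitly as in the block below, trimming the volume list to what the Vault pods actually mount. Separately, `priority: 20` ranks this SCC ahead of any SCC with a lower or unset priority, so every service account later granted `use` on it is matched here first and forced to uid 100; a short comment above `priority` stating why 20 was chosen and which service account is meant to be bound would help. `users` and `groups` are empty, so the binding presumably lives in RBAC outside this patch.

```yaml
allowPrivilegedContainer: false
# Deny setuid / file-capability escalation explicitly instead of relying on the default.
allowPrivilegeEscalation: false
# … unchanged: allowHost* flags, runAsUser, seLinuxContext, fsGroup, supplementalGroups, capabilities …
# Explicit volume allow-list; trim to the types the Vault pods really use.
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
```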