From 72f2f3ae622abefc76bc26eeef65bed4546904a4 Mon Sep 17 00:00:00 2001
From: Conan Scott
Date: Wed, 14 Jan 2026 17:04:35 +1100
Subject: [PATCH] tidied up scc
---
templates/scc-rbac.yaml | 27 ---------------------------
templates/scc.yaml | 24 ------------------------
2 files changed, 51 deletions(-)
delete mode 100644 templates/scc-rbac.yaml
delete mode 100644 templates/scc.yaml
diff --git a/templates/scc-rbac.yaml b/templates/scc-rbac.yaml
deleted file mode 100644
index ca049bd..0000000
--- a/templates/scc-rbac.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: vault-restricted-scc-role
-rules:
-- apiGroups:
- - security.openshift.io
- resources:
- - securitycontextconstraints
- resourceNames:
- - vault-restricted
- verbs:
- - use
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: vault-restricted-scc-binding
- namespace: {{ .Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: vault-restricted-scc-role
-subjects:
-- kind: ServiceAccount
- name: vault
- namespace: {{ .Release.Namespace }}
diff --git a/templates/scc.yaml b/templates/scc.yaml
deleted file mode 100644
index 9855704..0000000
--- a/templates/scc.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-kind: SecurityContextConstraints
-apiVersion: security.openshift.io/v1
-metadata:
- name: vault-restricted
-allowPrivilegedContainer: false
-allowHostDirVolumePlugin: false
-allowHostIPC: false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-runAsUser:
- type: MustRunAs
- uid: 100
-seLinuxContext:
- type: MustRunAs
-fsGroup:
- type: MustRunAs
-supplementalGroups:
- type: RunAsAny
-defaultAddCapabilities: []
-requiredDropCapabilities:
-- ALL
-users: []
-groups: []