Using SCC anyuid in OKD-OpenShift » Historie » Revision 1

Revision 1/6 | Weiter »
Peter Pfläging, 21.07.2021 19:52

OKD Openshift SCC AnyUID¶

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: system:openshift:scc:anyuid
  namespace: mysupercoolnamespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:openshift:scc:anyuid
subjects:
- kind: ServiceAccount
  name: default
  namespace: mysupercoolnamespace
---
kind: SecurityContextConstraints
apiVersion: security.openshift.io/v1
metadata:
  annotations:
    include.release.openshift.io/ibm-cloud-managed: "true"
    include.release.openshift.io/self-managed-high-availability: "true"
    include.release.openshift.io/single-node-developer: "true"
    kubernetes.io/description: anyuid provides all features of the restricted SCC but allows users to run with any UID and any GID.
    release.openshift.io/create-only: "true"
  name: anyuid
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
allowedCapabilities: null
defaultAddCapabilities: null
fsGroup:
  type: RunAsAny
groups:
- system:cluster-admins
priority: 10
readOnlyRootFilesystem: false
requiredDropCapabilities:
- MKNOD
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: MustRunAs
supplementalGroups:
  type: RunAsAny
users: []
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected

Dateien (0)

Von Peter Pfläging vor fast 4 Jahren aktualisiert · 6 Revisionen

Box

Allgemein

Profil

Kube-faq

Wiki

Using SCC anyuid in OKD-OpenShift » Historie » Revision 1

OKD Openshift SCC AnyUID¶