Add a new folder to provide cluster customizations

Change-Id: Idb46c617f9eac2ab3427eaf1f74b3ed25bf22121

diff --git a/customizations/kustomization.yaml b/customizations/kustomization.yaml
new file mode 100644 (file)
index 0000000..d4f5fd8
--- /dev/null
+++ b/customizations/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- scc.yaml

diff --git a/customizations/scc.yaml b/customizations/scc.yaml
new file mode 100644 (file)
index 0000000..58f2ed7
--- /dev/null
+++ b/customizations/scc.yaml
@@ -0,0 +1,47 @@
+allowHostDirVolumePlugin: true
+allowHostIPC: true
+allowHostNetwork: true
+allowHostPID: true
+allowHostPorts: true
+allowPrivilegeEscalation: true
+allowPrivilegedContainer: true
+allowedCapabilities:
+- '*'
+allowedUnsafeSysctls:
+- '*'
+apiVersion: security.openshift.io/v1
+defaultAddCapabilities: null
+fsGroup:
+  type: RunAsAny
+groups:
+- system:cluster-admins
+- system:nodes
+- system:masters
+kind: SecurityContextConstraints
+metadata:
+  annotations:
+    kubernetes.io/description: 'privileged allows access to all privileged and host
+      features and the ability to run as any user, any group, any fsGroup, and with
+      any SELinux context.  WARNING: this is the most relaxed SCC and should be used
+      only for cluster administration. Grant with caution.'
+  name: privileged
+priority: null
+readOnlyRootFilesystem: false
+requiredDropCapabilities: null
+runAsUser:
+  type: RunAsAny
+seLinuxContext:
+  type: RunAsAny
+seccompProfiles:
+- '*'
+supplementalGroups:
+  type: RunAsAny
+users:
+- system:admin
+- system:serviceaccount:openshift-infra:build-controller
+- system:serviceaccount:kubevirt:kubevirt-operator
+- system:serviceaccount:kubevirt:kubevirt-handler
+- system:serviceaccount:kubevirt:kubevirt-apiserver
+- system:serviceaccount:kubevirt:kubevirt-controller
+volumes:
+- '*'