From: Yolanda Robla
Date: Mon, 27 May 2019 13:18:46 +0000 (+0200)
Subject: Add a new folder to provide cluster customizations
X-Git-Tag: akraino_r1~1
X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=3d697b1a972ca3830ffbf3e933b4b39c3cb1be78;p=kni%2Ftemplates.git
Add a new folder to provide cluster customizations
Change-Id: Idb46c617f9eac2ab3427eaf1f74b3ed25bf22121
---
diff --git a/customizations/kustomization.yaml b/customizations/kustomization.yaml
new file mode 100644
index 0000000..d4f5fd8
--- /dev/null
+++ b/customizations/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- scc.yaml
diff --git a/customizations/scc.yaml b/customizations/scc.yaml
new file mode 100644
index 0000000..58f2ed7
--- /dev/null
+++ b/customizations/scc.yaml
@@ -0,0 +1,47 @@
+allowHostDirVolumePlugin: true
+allowHostIPC: true
+allowHostNetwork: true
+allowHostPID: true
+allowHostPorts: true
+allowPrivilegeEscalation: true
+allowPrivilegedContainer: true
+allowedCapabilities:
+- '*'
+allowedUnsafeSysctls:
+- '*'
+apiVersion: security.openshift.io/v1
+defaultAddCapabilities: null
+fsGroup:
+ type: RunAsAny
+groups:
+- system:cluster-admins
+- system:nodes
+- system:masters
+kind: SecurityContextConstraints
+metadata:
+ annotations:
+ kubernetes.io/description: 'privileged allows access to all privileged and host
+ features and the ability to run as any user, any group, any fsGroup, and with
+ any SELinux context. WARNING: this is the most relaxed SCC and should be used
+ only for cluster administration. Grant with caution.'
+ name: privileged
+priority: null
+readOnlyRootFilesystem: false
+requiredDropCapabilities: null
+runAsUser:
+ type: RunAsAny
+seLinuxContext:
+ type: RunAsAny
+seccompProfiles:
+- '*'
+supplementalGroups:
+ type: RunAsAny
+users:
+- system:admin
+- system:serviceaccount:openshift-infra:build-controller
+- system:serviceaccount:kubevirt:kubevirt-operator
+- system:serviceaccount:kubevirt:kubevirt-handler
+- system:serviceaccount:kubevirt:kubevirt-apiserver
+- system:serviceaccount:kubevirt:kubevirt-controller
+volumes:
+- '*'
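Review bot: Overwriting the built-in `privileged` SCC (`name: privileged`) just to append the four `system:serviceaccount:kubevirt:*` entries to `users` ties this repo to a platform-owned object. Applying the file replaces the whole SCC, so later platform changes to it may be clobbered, or this edit may be reverted on upgrade. It also gives every host-level permission in the file (`allowHostPID: true`, `allowedCapabilities: '*'`, `volumes: '*'`) to all four KubeVirt accounts, which may be more than `kubevirt-apiserver` and `kubevirt-controller` need; that is worth confirming against the KubeVirt release being deployed. I would leave the default SCC untouched and ship a dedicated one, e.g. `name: kubevirt-privileged` (example name) with `groups: []` and only the kubevirt service accounts under `users`. Alternatively, grant access through RBAC with the `use` verb on the SCC rather than editing `users`, and add a comment at the top of scc.yaml stating why KubeVirt needs this level of access.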