From 01670fee64a5ad67d153aa1a18d155e8da3a8155 Mon Sep 17 00:00:00 2001
From: njackson
Date: Wed, 19 Feb 2025 23:10:11 +0000
Subject: [PATCH] Add firezone-gateway-scc.yaml

---
 firezone-gateway-scc.yaml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 firezone-gateway-scc.yaml

diff --git a/firezone-gateway-scc.yaml b/firezone-gateway-scc.yaml
new file mode 100644
index 0000000..aacc143
--- /dev/null
+++ b/firezone-gateway-scc.yaml
@@ -0,0 +1,36 @@
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+ name: firezone-gateway-scc
+allowPrivilegedContainer: false
+allowedCapabilities:
+ - NET_ADMIN
+allowHostDirVolumePlugin: false
+allowHostNetwork: false
+allowHostPorts: false
+allowHostPID: false
+allowHostIPC: false
+readOnlyRootFilesystem: false
+requiredDropCapabilities:
+ - ALL
+runAsUser:
+ type: RunAsAny
+seLinuxContext:
+ type: MustRunAs
+fsGroup:
+ type: MustRunAs
+supplementalGroups:
+ type: MustRunAs
+volumes:
+ - configMap
+ - downwardAPI
+ - emptyDir
+ - persistentVolumeClaim
+ - projected
+ - secret
+allowedUnsafeSysctls:
+ - net.ipv4.ip_forward
+ - net.ipv4.conf.all.src_valid_mark
+ - net.ipv6.conf.all.disable_ipv6
+ - net.ipv6.conf.all.forwarding
+ - net.ipv6.conf.default.forwarding
\ No newline at end of file
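Review bot: `runAsUser: type: RunAsAny` next to `allowedCapabilities: - NET_ADMIN` lets any pod admitted under this SCC run as uid 0 with network-admin rights; unless the gateway image genuinely needs root (not evident from the patch), `type: MustRunAsNonRoot` or `MustRunAsRange` would narrow what a compromised gateway container can do with that capability. The `allowedUnsafeSysctls` block is also only half of the configuration: as far as I can tell the kubelet still rejects namespaced `net.*` sysctls it has not been told to allow (via `allowedUnsafeSysctls` in a `KubeletConfig`), so a pod relying on this SCC alone would fail to start rather than quietly lose forwarding. Since the object carries no `users:` or `groups:` entries it grants nothing until bound by RBAC, and a header comment such as `# Bind only to the firezone gateway service account via RBAC; the listed sysctls must also be allowed in the node KubeletConfig` would record both prerequisites where the next maintainer will see them. The file also ends without a trailing newline.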