Add firezone-gateway-scc.yaml
This commit is contained in:
parent
f22b20a924
commit
01670fee64
1 changed files with 36 additions and 0 deletions
36
firezone-gateway-scc.yaml
Normal file
36
firezone-gateway-scc.yaml
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
apiVersion: security.openshift.io/v1
|
||||
kind: SecurityContextConstraints
|
||||
metadata:
|
||||
name: firezone-gateway-scc
|
||||
allowPrivilegedContainer: false
|
||||
allowedCapabilities:
|
||||
- NET_ADMIN
|
||||
allowHostDirVolumePlugin: false
|
||||
allowHostNetwork: false
|
||||
allowHostPorts: false
|
||||
allowHostPID: false
|
||||
allowHostIPC: false
|
||||
readOnlyRootFilesystem: false
|
||||
requiredDropCapabilities:
|
||||
- ALL
|
||||
runAsUser:
|
||||
type: RunAsAny
|
||||
seLinuxContext:
|
||||
type: MustRunAs
|
||||
fsGroup:
|
||||
type: MustRunAs
|
||||
supplementalGroups:
|
||||
type: MustRunAs
|
||||
volumes:
|
||||
- configMap
|
||||
- downwardAPI
|
||||
- emptyDir
|
||||
- persistentVolumeClaim
|
||||
- projected
|
||||
- secret
|
||||
allowedUnsafeSysctls:
|
||||
- net.ipv4.ip_forward
|
||||
- net.ipv4.conf.all.src_valid_mark
|
||||
- net.ipv6.conf.all.disable_ipv6
|
||||
- net.ipv6.conf.all.forwarding
|
||||
- net.ipv6.conf.default.forwarding
|
||||
Loading…
Reference in a new issue