# OpenShift SecurityContextConstraints named for the Firezone gateway.
# It keeps privileged mode and all host namespaces, ports and paths
# closed, and allows one extra capability plus a fixed set of network
# sysctls.
#
# No users or groups are listed in this manifest, so the SCC applies to
# nothing until a subject is granted `use` on it. Grant that to the
# gateway's own service account only, not to a whole namespace or group.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: firezone-gateway-scc

# Privileged containers are refused. NET_ADMIN is the only capability a
# pod may request. With host networking disabled below, it acts on the
# pod's own network namespace (interfaces, routes, firewall rules), not
# the node's.
allowPrivilegedContainer: false
allowedCapabilities:
  - NET_ADMIN

# No hostPath volumes, host network, host ports, or host PID/IPC.
allowHostDirVolumePlugin: false
allowHostNetwork: false
allowHostPorts: false
allowHostPID: false
allowHostIPC: false

# The root filesystem stays writable.
# NOTE(review): if the gateway writes only to mounted volumes, this
# could be set to true. Confirm against the image first.
readOnlyRootFilesystem: false

# Every capability is dropped by default. A pod gets NET_ADMIN back only
# by requesting it in its securityContext.
requiredDropCapabilities:
  - ALL

# RunAsAny admits any UID, including 0.
# NOTE(review): root combined with NET_ADMIN is the widest grant in this
# file. If the image does not need root, MustRunAsNonRoot or
# MustRunAsRange is the tighter choice.
# NOTE(review): allowPrivilegeEscalation and seccompProfiles are not set.
# The SCC API treats an unset allowPrivilegeEscalation as true. Verify on
# the target cluster, and decide explicitly whether the gateway needs it.
runAsUser:
  type: RunAsAny

# MustRunAs with no explicit options or ranges in this manifest.
# Presumably the SELinux level and group IDs come from the values
# pre-allocated to the pod's namespace. Confirm on the target cluster.
seLinuxContext:
  type: MustRunAs
fsGroup:
  type: MustRunAs
supplementalGroups:
  type: MustRunAs

# Volume types a pod may mount. hostPath is absent, matching
# allowHostDirVolumePlugin: false above.
volumes:
  - configMap
  - downwardAPI
  - emptyDir
  - persistentVolumeClaim
  - projected
  - secret

# Network sysctls a pod may request: IPv4/IPv6 forwarding, fwmark-aware
# reverse-path validation, and the IPv6 on/off switch.
# This list only permits the request. The kubelet on each node that
# hosts the gateway must also allow these unsafe sysctls, or the pod
# is rejected at that node.
allowedUnsafeSysctls:
  - net.ipv4.ip_forward
  - net.ipv4.conf.all.src_valid_mark
  - net.ipv6.conf.all.disable_ipv6
  - net.ipv6.conf.all.forwarding
  - net.ipv6.conf.default.forwarding