38 lines
949 B
YAML
38 lines
949 B
YAML
{{- if and .Values.openShift.enabled .Values.openShift.securityContextConstraints.create }}
|
|
apiVersion: security.openshift.io/v1
|
|
kind: SecurityContextConstraints
|
|
metadata:
|
|
name: {{ include "fluent-bit.fullname" . }}
|
|
{{- if .Values.openShift.securityContextConstraints.annotations }}
|
|
annotations:
|
|
{{- toYaml .Values.openShift.securityContextConstraints.annotations | nindent 4 }}
|
|
{{- end }}
|
|
allowPrivilegedContainer: true
|
|
allowPrivilegeEscalation: true
|
|
allowHostDirVolumePlugin: true
|
|
defaultAllowPrivilegeEscalation: false
|
|
# forbid host namespaces
|
|
allowHostNetwork: false
|
|
allowHostIPC: false
|
|
allowHostPorts: false
|
|
allowHostPID: false
|
|
allowedCapabilities: []
|
|
forbiddenSysctls:
|
|
- "*"
|
|
readOnlyRootFilesystem: false
|
|
requiredDropCapabilities:
|
|
- MKNOD
|
|
runAsUser:
|
|
type: RunAsAny
|
|
seLinuxContext:
|
|
type: MustRunAs
|
|
supplementalGroups:
|
|
type: RunAsAny
|
|
volumes:
|
|
- configMap
|
|
- emptyDir
|
|
- hostPath
|
|
- persistentVolumeClaim
|
|
- secret
|
|
{{- end }}
|