apiVersion: v1
kind: ServiceAccount
metadata:
name: pipelines-sa-userid-1000
---
kind: SecurityContextConstraints
metadata:
annotations:
name: pipelines-scc-userid-1000
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
allowedCapabilities: null
apiVersion: security.openshift.io/v1
defaultAddCapabilities: null
fsGroup:
type: MustRunAs
groups:
- system:cluster-admins
priority: 10
readOnlyRootFilesystem: false
requiredDropCapabilities:
- MKNOD
- KILL
runAsUser:
type: MustRunAs
uid: 1000
seLinuxContext:
type: MustRunAs
supplementalGroups:
type: RunAsAny
users: []
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: pipelines-scc-userid-1000-clusterrole
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- pipelines-scc-userid-1000
resources:
- securitycontextconstraints
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: pipelines-scc-userid-1000-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: pipelines-scc-userid-1000-clusterrole
subjects:
- kind: ServiceAccount
name: pipelines-sa-userid-1000
apiVersion : v1
kind : ServiceAccount
metadata :
name : pipelines- sa- userid- 1000
1
---
kind : SecurityContextConstraints
metadata :
annotations :
name : pipelines- scc- userid- 1000
2
allowHostDirVolumePlugin : false
allowHostIPC : false
allowHostNetwork : false
allowHostPID : false
allowHostPorts : false
allowPrivilegeEscalation : true
3
allowPrivilegedContainer : false
allowedCapabilities : null
apiVersion : security.openshift.io/v1
defaultAddCapabilities : null
fsGroup :
type : MustRunAs
groups :
- system: cluster- admins
priority : 10
readOnlyRootFilesystem : false
requiredDropCapabilities :
- MKNOD
- KILL
runAsUser :
4
type : MustRunAs
uid : 1000
seLinuxContext :
type : MustRunAs
supplementalGroups :
type : RunAsAny
users : [ ]
volumes :
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
---
apiVersion : rbac.authorization.k8s.io/v1
kind : ClusterRole
metadata :
name : pipelines- scc- userid- 1000- clusterrole
5
rules :
- apiGroups :
- security.openshift.io
resourceNames :
- pipelines- scc- userid- 1000
resources :
- securitycontextconstraints
verbs :
- use
---
apiVersion : rbac.authorization.k8s.io/v1
kind : RoleBinding
metadata :
name : pipelines- scc- userid- 1000- rolebinding
6
roleRef :
apiGroup : rbac.authorization.k8s.io
kind : ClusterRole
name : pipelines- scc- userid- 1000- clusterrole
subjects :
- kind : ServiceAccount
name : pipelines- sa- userid- 1000
Copy to Clipboard
Copied!
Toggle word wrap
Toggle overflow