apiVersion: security.openshift.io/v1 kind: SecurityContextConstraints metadata: name: gerrit-{{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install labels: app: {{ .Values.gerrit.name }} {{- include "gerrit-operator.metaLabels" . | nindent 4 }} allowHostDirVolumePlugin: false allowHostIPC: true allowHostNetwork: false allowHostPID: false allowHostPorts: false allowPrivilegedContainer: false allowedCapabilities: [] allowedFlexVolumes: [] defaultAddCapabilities: [] fsGroup: type: RunAsAny groups: [] priority: 1 readOnlyRootFilesystem: false requiredDropCapabilities: [] runAsUser: type: RunAsAny seLinuxContext: type: MustRunAs supplementalGroups: type: RunAsAny users: - system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.gerrit.serviceAccountName }} volumes: - configMap - downwardAPI - emptyDir - persistentVolumeClaim - projected - secret