deploy-templates/templates/scc_openshift.yaml (26 lines of code) (raw):
{{- if eq .Values.global.platform "openshift" -}}
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
labels:
{{- include "headlamp.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": "pre-install"
name: edp-headlamp-{{ .Release.Namespace }}
runAsUser:
type: MustRunAs
uid: 100
seLinuxContext:
type: MustRunAs
users:
- system:serviceaccount:{{ .Release.Namespace }}:{{ include "headlamp.serviceAccountName" . }}
allowHostDirVolumePlugin: false
allowHostIPC: true
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegedContainer: false
allowedCapabilities: []
allowedFlexVolumes: []
readOnlyRootFilesystem: false
{{- end -}}