| 12345678910111213141516171819202122232425262728293031323334353637383940 |
- {{- if .Values.rbac.sccEnabled }}
- apiVersion: security.openshift.io/v1
- kind: SecurityContextConstraints
- metadata:
- name: {{ include "loki.fullname" . }}
- labels:
- {{- include "loki.labels" . | nindent 4 }}
- allowHostDirVolumePlugin: false
- allowHostIPC: false
- allowHostNetwork: false
- allowHostPID: false
- allowHostPorts: false
- allowPrivilegeEscalation: true
- allowPrivilegedContainer: false
- allowedCapabilities: []
- defaultAddCapabilities: null
- fsGroup:
- type: RunAsAny
- groups: []
- priority: null
- readOnlyRootFilesystem: false
- requiredDropCapabilities:
- - ALL
- runAsUser:
- type: RunAsAny
- seLinuxContext:
- type: MustRunAs
- seccompProfiles:
- - '*'
- supplementalGroups:
- type: RunAsAny
- volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - hostPath
- - persistentVolumeClaim
- - projected
- - secret
- {{- end }}
|
