diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2017-10-05 09:42:09 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-10-05 09:42:09 -0700 |
| commit | 6f06b5ed6ada0bf22051b7af79bd474ae2398ee9 (patch) | |
| tree | 2d54f3580de1580c14c956cbd9532338c1193d18 /roles/openshift_cfme/files/templates/cloudforms/cfme-scc-sysadmin.yaml | |
| parent | 8e2019c9c3840a64425c34c23ace9e9cbd6b7eb0 (diff) | |
| parent | d4c1a0443e7c38343752f880d6ae3c2c2c33ab54 (diff) | |
| download | openshift-6f06b5ed6ada0bf22051b7af79bd474ae2398ee9.tar.gz openshift-6f06b5ed6ada0bf22051b7af79bd474ae2398ee9.tar.bz2 openshift-6f06b5ed6ada0bf22051b7af79bd474ae2398ee9.tar.xz openshift-6f06b5ed6ada0bf22051b7af79bd474ae2398ee9.zip | |
Merge pull request #5336 from tbielawa/cfme_4.6
Automatic merge from submit-queue.
Cfme 4.6
# Description
* Implements support for **CFME 4.6** in OCP 3.7
* **Replaces** the Tech Preview CFME 4.5 release included in OCP 3.6
* Does not support graceful migrations from the CFME 4.5 tech preview release
# References
* [Trello - (5) Integrate CFME 4.6 into OCP Installation](https://trello.com/c/Rzfn5Qa8/380-5-integrate-cfme-46-into-ocp-installation)
Ensure the following RFE/Errors do not happen again
- [x] #4555 - Error creating the CFME user
- [x] #4556 - Error in PV template evaluation
- [x] #4822 - Changing `maxImagesBulkImportedPerRepository` parameter
- [x] #4568 - Add NFS directory support
# Features
Ensure the following features are configurable in the role
- [x] POC deployments can easily default to NFS storage
- [ ] Production/Cloud deployments can use automatic storage providers
- [ ] Able to select between podified vs. external PostgreSQL database (podified uses configured storage mechanism)
- [x] Template resource requests can be overridden for POC deployments
Diffstat (limited to 'roles/openshift_cfme/files/templates/cloudforms/cfme-scc-sysadmin.yaml')
| -rw-r--r-- | roles/openshift_cfme/files/templates/cloudforms/cfme-scc-sysadmin.yaml | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/roles/openshift_cfme/files/templates/cloudforms/cfme-scc-sysadmin.yaml b/roles/openshift_cfme/files/templates/cloudforms/cfme-scc-sysadmin.yaml new file mode 100644 index 000000000..d2ece9298 --- /dev/null +++ b/roles/openshift_cfme/files/templates/cloudforms/cfme-scc-sysadmin.yaml @@ -0,0 +1,38 @@ +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegedContainer: false +allowedCapabilities: +apiVersion: v1 +defaultAddCapabilities: +- SYS_ADMIN +fsGroup: + type: RunAsAny +groups: +- system:cluster-admins +kind: SecurityContextConstraints +metadata: + annotations: + kubernetes.io/description: cfme-sysadmin provides all features of the anyuid SCC but allows users to have SYS_ADMIN capabilities. This is the required scc for Pods requiring to run with systemd and the message bus. + creationTimestamp: + name: cfme-sysadmin +priority: 10 +readOnlyRootFilesystem: false +requiredDropCapabilities: +- MKNOD +- SYS_CHROOT +runAsUser: + type: RunAsAny +seLinuxContext: + type: MustRunAs +supplementalGroups: + type: RunAsAny +users: +volumes: +- configMap +- downwardAPI +- emptyDir +- persistentVolumeClaim +- secret |