Skip to content

Commit ccad8d4

Browse files
author
OpenShift Bot
authored
Merge pull request #14147 from jpeeler/projectedSCC
Merged by openshift-bot
2 parents 0641fae + aadcd49 commit ccad8d4

File tree

1 file changed

+6
-6
lines changed

1 file changed

+6
-6
lines changed

pkg/cmd/server/bootstrappolicy/securitycontextconstraints.go

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -94,7 +94,7 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
9494
DescriptionAnnotation: SecurityContextConstraintNonRootDesc,
9595
},
9696
},
97-
Volumes: []kapi.FSType{kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim},
97+
Volumes: []kapi.FSType{kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim, kapi.FSProjected},
9898
SELinuxContext: kapi.SELinuxContextStrategyOptions{
9999
// This strategy requires that annotations on the namespace which will be populated
100100
// by the admission controller. If namespaces are not annotated creating the strategy
@@ -122,7 +122,7 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
122122
DescriptionAnnotation: SecurityContextConstraintHostMountAndAnyUIDDesc,
123123
},
124124
},
125-
Volumes: []kapi.FSType{kapi.FSTypeHostPath, kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim, kapi.FSTypeNFS},
125+
Volumes: []kapi.FSType{kapi.FSTypeHostPath, kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim, kapi.FSTypeNFS, kapi.FSProjected},
126126
SELinuxContext: kapi.SELinuxContextStrategyOptions{
127127
// This strategy requires that annotations on the namespace which will be populated
128128
// by the admission controller. If namespaces are not annotated creating the strategy
@@ -151,7 +151,7 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
151151
DescriptionAnnotation: SecurityContextConstraintHostNSDesc,
152152
},
153153
},
154-
Volumes: []kapi.FSType{kapi.FSTypeHostPath, kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim},
154+
Volumes: []kapi.FSType{kapi.FSTypeHostPath, kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim, kapi.FSProjected},
155155
AllowHostNetwork: true,
156156
AllowHostPorts: true,
157157
AllowHostPID: true,
@@ -183,7 +183,7 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
183183
DescriptionAnnotation: SecurityContextConstraintRestrictedDesc,
184184
},
185185
},
186-
Volumes: []kapi.FSType{kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim},
186+
Volumes: []kapi.FSType{kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim, kapi.FSProjected},
187187
SELinuxContext: kapi.SELinuxContextStrategyOptions{
188188
// This strategy requires that annotations on the namespace which will be populated
189189
// by the admission controller. If namespaces are not annotated creating the strategy
@@ -213,7 +213,7 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
213213
DescriptionAnnotation: SecurityContextConstraintsAnyUIDDesc,
214214
},
215215
},
216-
Volumes: []kapi.FSType{kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim},
216+
Volumes: []kapi.FSType{kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim, kapi.FSProjected},
217217
SELinuxContext: kapi.SELinuxContextStrategyOptions{
218218
// This strategy requires that annotations on the namespace which will be populated
219219
// by the admission controller. If namespaces are not annotated creating the strategy
@@ -244,7 +244,7 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
244244
},
245245
AllowHostNetwork: true,
246246
AllowHostPorts: true,
247-
Volumes: []kapi.FSType{kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim},
247+
Volumes: []kapi.FSType{kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim, kapi.FSProjected},
248248
SELinuxContext: kapi.SELinuxContextStrategyOptions{
249249
// This strategy requires that annotations on the namespace which will be populated
250250
// by the admission controller. If namespaces are not annotated creating the strategy

0 commit comments

Comments
 (0)