From aadcd49ee7143209205988f3de44ee60888c50f7 Mon Sep 17 00:00:00 2001
From: Paul Morie
Date: Wed, 10 May 2017 22:46:32 -0400
Subject: [PATCH] Add projected volume plugin into correct SCCs
---
 .../bootstrappolicy/securitycontextconstraints.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/pkg/cmd/server/bootstrappolicy/securitycontextconstraints.go b/pkg/cmd/server/bootstrappolicy/securitycontextconstraints.go
index fcc5b260bfbe..24fca2a16c0e 100644
--- a/pkg/cmd/server/bootstrappolicy/securitycontextconstraints.go
+++ b/pkg/cmd/server/bootstrappolicy/securitycontextconstraints.go
@@ -94,7 +94,7 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
 DescriptionAnnotation: SecurityContextConstraintNonRootDesc,
 },
 },
- Volumes: []kapi.FSType{kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim},
+ Volumes: []kapi.FSType{kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim, kapi.FSProjected},
 SELinuxContext: kapi.SELinuxContextStrategyOptions{
 // This strategy requires that annotations on the namespace which will be populated
 // by the admission controller. If namespaces are not annotated creating the strategy
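Review bot: Nothing on the changed `Volumes:` line records why `kapi.FSProjected` is safe to add to this SCC: a projected volume bundles secret, configMap and downwardAPI sources, and the list already allows all three. A short comment above the line, such as `// projected only combines secret, configMap and downwardAPI sources, which are already allowed here`, would keep that invariant visible; it matters because any source type added to the projected plugin later would be admitted by this entry without the SCC itself changing. The same applies to the other five hunks (-122, -151, -183, -213 and -244). The list is also repeated as a literal in every SCC, so a shared base slice would keep the copies from drifting apart. GetBootstrapSecurityContextConstraints starts and ends outside the hunk.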
@@ -122,7 +122,7 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
 DescriptionAnnotation: SecurityContextConstraintHostMountAndAnyUIDDesc,
 },
 },
- Volumes: []kapi.FSType{kapi.FSTypeHostPath, kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim, kapi.FSTypeNFS},
+ Volumes: []kapi.FSType{kapi.FSTypeHostPath, kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim, kapi.FSTypeNFS, kapi.FSProjected},
 SELinuxContext: kapi.SELinuxContextStrategyOptions{
 // This strategy requires that annotations on the namespace which will be populated
 // by the admission controller. If namespaces are not annotated creating the strategy
@@ -151,7 +151,7 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
 DescriptionAnnotation: SecurityContextConstraintHostNSDesc,
 },
 },
- Volumes: []kapi.FSType{kapi.FSTypeHostPath, kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim},
+ Volumes: []kapi.FSType{kapi.FSTypeHostPath, kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim, kapi.FSProjected},
 AllowHostNetwork: true,
 AllowHostPorts: true,
 AllowHostPID: true,
@@ -183,7 +183,7 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
 DescriptionAnnotation: SecurityContextConstraintRestrictedDesc,
 },
 },
- Volumes: []kapi.FSType{kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim},
+ Volumes: []kapi.FSType{kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim, kapi.FSProjected},
 SELinuxContext: kapi.SELinuxContextStrategyOptions{
 // This strategy requires that annotations on the namespace which will be populated
 // by the admission controller. If namespaces are not annotated creating the strategy
@@ -213,7 +213,7 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
 DescriptionAnnotation: SecurityContextConstraintsAnyUIDDesc,
 },
 },
- Volumes: []kapi.FSType{kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim},
+ Volumes: []kapi.FSType{kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim, kapi.FSProjected},
 SELinuxContext: kapi.SELinuxContextStrategyOptions{
 // This strategy requires that annotations on the namespace which will be populated
 // by the admission controller. If namespaces are not annotated creating the strategy
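Review bot: No test accompanies the change to the restricted SCC's `Volumes:` list in the -183 hunk; the diffstat shows a single file changed. This list omits `kapi.FSTypeHostPath`, so it is the allow-list where an unintended entry would widen access the most. A table test over the bootstrap SCCs could assert that `kapi.FSProjected` appears only where `kapi.FSTypeSecret`, `kapi.FSTypeConfigMap` and `kapi.FSTypeDownwardAPI` are all present, and that `kapi.FSTypeHostPath` stays absent from restricted. The enclosing function body lies outside the hunk.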
@@ -244,7 +244,7 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
 },
 AllowHostNetwork: true,
 AllowHostPorts: true,
- Volumes: []kapi.FSType{kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim},
+ Volumes: []kapi.FSType{kapi.FSTypeEmptyDir, kapi.FSTypeSecret, kapi.FSTypeDownwardAPI, kapi.FSTypeConfigMap, kapi.FSTypePersistentVolumeClaim, kapi.FSProjected},
 SELinuxContext: kapi.SELinuxContextStrategyOptions{
 // This strategy requires that annotations on the namespace which will be populated
 // by the admission controller. If namespaces are not annotated creating the strategy
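Review bot: Neither the commit message nor the code says how clusters that already store these SCC objects pick up the new `Volumes:` entry. The function name suggests these lists are only bootstrap defaults, so existing SCCs would presumably keep rejecting projected volumes until they are reconciled. A comment near the lists, for example `// existing clusters must reconcile their SCCs to pick up newly allowed volume types`, or a line in the commit description, would save operators a confusing admission failure after upgrade. This applies to all six hunks, and the enclosing function extends beyond this one.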