Skip to content

Commit

Permalink
Update the scc policy for openshift
Browse files Browse the repository at this point in the history
  • Loading branch information
@VyacheslavSemin
VyacheslavSemin committed Jan 26, 2024
1 parent bf1f025 commit 6df84b9
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 14 deletions.
4 changes: 2 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ This repository contains a set of files to deploy ONLYOFFICE Docs into a Kuberne

## Deploy prerequisites

Note: When installing to an OpenShift cluster, you must apply the `SecurityContextConstraints` policy, which adds permission to run containers from a user whose `ID = 1001`.
Note: It may be required to apply `SecurityContextConstraints` when installing into OpenShift cluster as it adds permission to run containers by user with `ID = 1001`.

To do this, run the following commands:
```
Expand Down Expand Up @@ -286,7 +286,7 @@ and then run the `helm upgrade documentserver onlyoffice/docs --set extraThemes.

## Deploy ONLYOFFICE Docs

Note: When installing to an OpenShift cluster, you must apply the `SecurityContextConstraints` policy, which adds permission to run containers from a user whose `ID = 101`.
Note: It may be required to apply `SecurityContextConstraints` when installing into OpenShift cluster as it adds permission to run containers by user with `ID = 101`.

To do this, run the following commands:

Expand Down
11 changes: 5 additions & 6 deletions sources/scc/docs-components.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,20 +1,19 @@
---
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
apiVersion: security.openshift.io/v1
metadata:
name: scc-docs-components
allowPrivilegedContainer: false
users: []
groups: []
runAsUser:
type: MustRunAs
uid: 101
seLinuxContext:
type: MustRunAs
fsGroup:
type: MustRunAs
ranges:
- max: 101
min: 101
supplementalGroups:
type: MustRunAs
seLinuxContext:
type: MustRunAs
users: []
groups: []
11 changes: 5 additions & 6 deletions sources/scc/helm-components.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,22 +1,21 @@
---
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
apiVersion: security.openshift.io/v1
metadata:
name: scc-helm-components
allowPrivilegedContainer: false
users: []
groups: []
runAsUser:
type: MustRunAs
uid: 1001
seLinuxContext:
type: MustRunAs
fsGroup:
type: MustRunAs
ranges:
- max: 1001
min: 1001
supplementalGroups:
type: MustRunAs
seLinuxContext:
type: MustRunAs
users: []
groups: []
seccompProfiles:
- runtime/default

0 comments on commit 6df84b9

Please sign in to comment.