add: SecurityContextConstraint kustomize

opendatahub-io · Oct 4, 2023 · f20278e · f20278e
1 parent c25e61f
commit f20278e
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 0 deletions.
diff --git a/ray-operator/config/default/kustomization.yaml b/ray-operator/config/default/kustomization.yaml
@@ -16,6 +16,7 @@ bases:
 - ../crd
 - ../rbac
 - ../manager
+- ../scc
 - namespace.yaml
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus

diff --git a/ray-operator/config/scc/kustomization.yaml b/ray-operator/config/scc/kustomization.yaml
@@ -0,0 +1,6 @@
+resources:
+- ray_operator_scc.yaml
+
+commonLabels:
+  app.kubernetes.io/name: kuberay
+  app.kubernetes.io/component: kuberay-operator
diff --git a/ray-operator/config/scc/ray_operator_scc.yaml b/ray-operator/config/scc/ray_operator_scc.yaml
@@ -0,0 +1,11 @@
+kind: SecurityContextConstraints
+apiVersion: security.openshift.io/v1
+metadata:
+  name: run-as-ray-user
+seLinuxContext:
+  type: MustRunAs
+runAsUser:
+  type: MustRunAs
+  uid: 1000
+users:
+  - 'system:serviceaccount:$(namespace):kuberay-operator'