---
# Source: nginx-gateway-fabric/templates/scc.yaml
kind: SecurityContextConstraints
apiVersion: security.openshift.io/v1
metadata:
  name: nginx-gateway-scc
allowPrivilegeEscalation: false
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegedContainer: false
readOnlyRootFilesystem: true
runAsUser:
  type: MustRunAsRange
  uidRangeMin: 101
  uidRangeMax: 102
fsGroup:
  type: MustRunAs
  ranges:
  - min: 1001
    max: 1001
supplementalGroups:
  type: MustRunAs
  ranges:
  - min: 1001
    max: 1001
seLinuxContext:
  type: MustRunAs
volumes:
- emptyDir
- secret
users:
- system:serviceaccount:nginx-gateway:nginx-gateway
allowedCapabilities:
- NET_BIND_SERVICE
- KILL
requiredDropCapabilities:
- ALL