add bdc-scc.yaml

MikeRayMSFT · MikeRayMSFT · commit 7cb3189c505d · 2020-11-23T14:00:22.000-08:00
diff --git a/samples/features/sql-big-data-cluster/deployment/README.md b/samples/features/sql-big-data-cluster/deployment/README.md
@@ -19,3 +19,6 @@ Using the sample Python script in **offline** folder, you will push the necessar
 
 Using the sample Python script in **private-aks** folder, you will Deploy SQL Server big data cluster in in your private network with Azure Kubernetes service (AKS) private cluster.
 
+## __[OpenShift manifests and scripts](openshift/)__
+
+Use manifests and scripts in **openshift** folder, to support SQL Server Big Data Clusters on OpenShift.
diff --git a/samples/features/sql-big-data-cluster/deployment/openshift/bdc-scc.yaml b/samples/features/sql-big-data-cluster/deployment/openshift/bdc-scc.yaml
@@ -0,0 +1,39 @@
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+  annotations:
+    kubernetes.io/description: SQL Server BDC custom scc is based on 'nonroot' scc plus additional capabilities.
+  generation: 2
+  name: bdc-scc
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegeEscalation: true
+allowPrivilegedContainer: false
+allowedCapabilities:
+  - SETUID
+  - SETGID
+  - CHOWN
+  - SYS_PTRACE
+defaultAddCapabilities: null
+fsGroup:
+  type: RunAsAny
+readOnlyRootFilesystem: false
+requiredDropCapabilities:
+  - KILL
+  - MKNOD
+runAsUser:
+  type: MustRunAsNonRoot
+seLinuxContext:
+  type: MustRunAs
+supplementalGroups:
+  type: RunAsAny
+volumes:
+  - configMap
+  - downwardAPI
+  - emptyDir
+  - persistentVolumeClaim
+  - projected
+  - secret
