config: OpenShift's SCC for samba

When running over OpenShift cluster, samba pods requires a dedicated
SecurityContextConstraints in order to function properly. This SCC is
not as powerful as the privileged but it has stronger capabilities
then the default one. In particular, with respect to modification to the
underlying volume.

It is up to the user to deploy this SCC prior to operator's deployment.
Either via kustomization.yaml or via explicit command line:

    $ oc apply -f config/openshift/samba-scc.yaml

Signed-off-by: Shachar Sharon <[email protected]>

Author: synarete

config/openshift/kustomization.yaml

@@ -0,0 +1,2 @@
+resources:
+  - scc.yaml

config/openshift/scc.yaml

@@ -0,0 +1,27 @@
+---
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+  annotations:
+    kubernetes.io/description: samba-scc
+  name: samba
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegeEscalation: true
+allowPrivilegedContainer: true
+defaultAddCapabilities: null
+fsGroup:
+  type: RunAsAny
+readOnlyRootFilesystem: false
+requiredDropCapabilities: null
+runAsUser:
+  type: RunAsAny
+seLinuxContext:
+  type: RunAsAny
+supplementalGroups:
+  type: RunAsAny
+volumes:
+  - "*"