---
# SecurityContextConstraints "hostnetwork-v2", as read back from a live cluster.
# The metadata below carries server-populated state (creationTimestamp,
# generation, managedFields, resourceVersion, uid), so this is an export of an
# existing object, not a hand-written manifest.
#
# Host-namespace access: only the network side is opened. Pods admitted under
# this SCC may use the node's network namespace and host ports; host IPC, host
# PID, hostPath-style volumes and privileged containers all stay denied.
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: true
allowHostPID: false
allowHostPorts: true
# Privilege escalation is refused (see the description annotation).
allowPrivilegeEscalation: false
allowPrivilegedContainer: false
# Read together with requiredDropCapabilities below: containers must drop ALL
# capabilities, and NET_BIND_SERVICE is the only one they may request back.
allowedCapabilities:
- NET_BIND_SERVICE
apiVersion: security.openshift.io/v1
# No capability is added to containers by default.
defaultAddCapabilities: null
# MustRunAs with no explicit ranges listed here; per the description annotation
# the IDs come from what is allocated to the namespace.
fsGroup:
  type: MustRunAs
# No groups are granted this SCC directly in the object itself.
# NOTE(review): access can still be granted through RBAC ("use" on this SCC);
# audit role bindings as well as this list when reviewing who can run
# host-network pods.
groups: []
kind: SecurityContextConstraints
metadata:
  annotations:
    include.release.openshift.io/ibm-cloud-managed: "true"
    include.release.openshift.io/self-managed-high-availability: "true"
    include.release.openshift.io/single-node-developer: "true"
    kubernetes.io/description: hostnetwork allows using host networking and host
      ports but still requires pods to be run with a UID and SELinux context that
      are allocated to the namespace. On top of the legacy 'hostnetwork' SCC, it
      also requires to drop ALL capabilities and does not allow privilege
      escalation binaries. It will also default the seccomp profile to
      runtime/default if unset, otherwise this seccomp profile is required.
  creationTimestamp: "2025-10-11T10:24:19Z"
  generation: 1
  # Field-ownership bookkeeping written by the API server: which manager last
  # set which field. It carries no policy of its own. Two managers appear:
  # cluster-bootstrap (all policy fields) and cluster-version-operator
  # (the ownerReferences entry).
  managedFields:
  - apiVersion: security.openshift.io/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:allowHostDirVolumePlugin: {}
      f:allowHostIPC: {}
      f:allowHostNetwork: {}
      f:allowHostPID: {}
      f:allowHostPorts: {}
      f:allowPrivilegeEscalation: {}
      f:allowPrivilegedContainer: {}
      f:allowedCapabilities: {}
      f:defaultAddCapabilities: {}
      f:fsGroup:
        .: {}
        f:type: {}
      f:groups: {}
      f:metadata:
        f:annotations:
          .: {}
          f:include.release.openshift.io/ibm-cloud-managed: {}
          f:include.release.openshift.io/self-managed-high-availability: {}
          f:include.release.openshift.io/single-node-developer: {}
          f:kubernetes.io/description: {}
      f:priority: {}
      f:readOnlyRootFilesystem: {}
      f:requiredDropCapabilities: {}
      f:runAsUser:
        .: {}
        f:type: {}
      f:seLinuxContext:
        .: {}
        f:type: {}
      f:seccompProfiles: {}
      f:supplementalGroups:
        .: {}
        f:type: {}
      f:users: {}
      f:volumes: {}
    manager: cluster-bootstrap
    operation: Update
    time: "2025-10-11T10:24:19Z"
  - apiVersion: security.openshift.io/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:ownerReferences:
          .: {}
          k:{"uid":"d5f199fe-acec-4610-b505-6d5fa3929e77"}: {}
    manager: cluster-version-operator
    operation: Update
    time: "2025-10-11T10:25:40Z"
  name: hostnetwork-v2
  # Owned by the ClusterVersion object "version" (controller: true).
  # NOTE(review): presumably the cluster-version-operator reconciles this SCC,
  # so in-place edits may be reverted - confirm before changing it; a separate
  # custom SCC is the safer place for local policy.
  ownerReferences:
  - apiVersion: config.openshift.io/v1
    controller: true
    kind: ClusterVersion
    name: version
    uid: d5f199fe-acec-4610-b505-6d5fa3929e77
  resourceVersion: "1775"
  uid: 3dcb4beb-3847-43cd-9a7a-23b24f9c63c4
# No explicit priority is set on this SCC.
priority: null
# A read-only root filesystem is not enforced here; a workload that wants one
# has to set it in its own securityContext.
readOnlyRootFilesystem: false
requiredDropCapabilities:
- ALL
# UID must fall inside a range; no range is given in this object, and the
# description annotation says it is the one allocated to the namespace.
runAsUser:
  type: MustRunAsRange
# SELinux context is fixed by the SCC (namespace-allocated per the
# description), not chosen by the pod.
seLinuxContext:
  type: MustRunAs
# Per the description: defaulted to runtime/default when the pod sets none,
# and required otherwise.
seccompProfiles:
- runtime/default
supplementalGroups:
  type: MustRunAs
# No users are granted this SCC directly in the object itself (see the note on
# groups above regarding RBAC-based grants).
users: []
# Allow-list of volume types. hostPath is not among them, which matches
# allowHostDirVolumePlugin: false above.
volumes:
- configMap
- csi
- downwardAPI
- emptyDir
- ephemeral
- persistentVolumeClaim
- projected
- secret