---
allowHostDirVolumePlugin: true
allowHostIPC: false
allowHostNetwork: true
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
allowedCapabilities: null
apiVersion: security.openshift.io/v1
defaultAddCapabilities: null
fsGroup:
  type: MustRunAs
groups: []
kind: SecurityContextConstraints
metadata:
  annotations:
    capability.openshift.io/name: MachineAPI
    include.release.openshift.io/self-managed-high-availability: "true"
    kubernetes.io/description: machine-api-termination-handler allows the machine-api-termination-handler
      service account to run as root, access host paths and access the host network.
      This SCC is limited and should not be used for any other service.
  creationTimestamp: "2026-03-19T11:57:07Z"
  generation: 1
  managedFields:
  - apiVersion: security.openshift.io/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:allowHostDirVolumePlugin: {}
      f:allowHostIPC: {}
      f:allowHostNetwork: {}
      f:allowHostPID: {}
      f:allowHostPorts: {}
      f:allowPrivilegedContainer: {}
      f:allowedCapabilities: {}
      f:defaultAddCapabilities: {}
      f:fsGroup:
        .: {}
        f:type: {}
      f:groups: {}
      f:metadata:
        f:annotations:
          .: {}
          f:capability.openshift.io/name: {}
          f:include.release.openshift.io/self-managed-high-availability: {}
          f:kubernetes.io/description: {}
        f:ownerReferences:
          .: {}
          k:{"uid":"c8d5eea9-4a6a-4eaf-a0fc-ad37a736ee9a"}: {}
      f:priority: {}
      f:readOnlyRootFilesystem: {}
      f:requiredDropCapabilities: {}
      f:runAsUser:
        .: {}
        f:type: {}
      f:seLinuxContext:
        .: {}
        f:type: {}
      f:supplementalGroups:
        .: {}
        f:type: {}
      f:users: {}
      f:volumes: {}
    manager: cluster-version-operator
    operation: Update
    time: "2026-03-19T11:57:07Z"
  name: machine-api-termination-handler
  ownerReferences:
  - apiVersion: config.openshift.io/v1
    controller: true
    kind: ClusterVersion
    name: version
    uid: c8d5eea9-4a6a-4eaf-a0fc-ad37a736ee9a
  resourceVersion: "10515"
  uid: 3e65291b-f756-413b-9fe0-b9408ea462e9
priority: null
readOnlyRootFilesystem: false
requiredDropCapabilities:
- KILL
- MKNOD
- SETUID
- SETGID
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: MustRunAs
supplementalGroups:
  type: MustRunAs
users:
- system:serviceaccount:openshift-machine-api:machine-api-termination-handler
volumes:
- downwardAPI
- hostPath