Modify to run in Restricted SCC

(cherry picked from commit 71be71f3a020e1d8f006a834598f470bd977b000)

Author: matrober-uk

openshift-app-sample/Dockerfile

@@ -30,6 +30,11 @@
  ENV APP_HOME /go/src/openshift-app-sample
  RUN groupadd $APP_USER && useradd -m -g $APP_USER -l $APP_USER
  RUN mkdir -p $APP_HOME
+ # Create the directories the client expects to be present
+ RUN mkdir -p /IBM/MQ/data/errors \
+   && mkdir -p /.mqm \
+   && chmod -R 777 /IBM \
+   && chmod -R 777 /.mqm
  WORKDIR $APP_HOME
  COPY --chown=0:0 --from=builder $APP_HOME/openshift-app-sample $APP_HOME
  COPY --chown=0:0 --from=builder /opt/mqm /opt/mqm

openshift-app-sample/yaml/pod-sample.yaml

@@ -5,7 +5,7 @@ metadata:
 spec:
   containers:
     - name: golang-app
-      image: uk.icr.io/golang-sample/golang-app:1.0
+      image: uk.icr.io/golang-sample/golang-app:1.2
   restartPolicy: OnFailure
   imagePullSecrets:
     - name: all-icr-io

openshift-app-sample/yaml/sa-pod-deployer.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: my-service-account
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: pod-interactions
+rules:
+  - apiGroups: [""]
+    resources: ["pods", "pods/exec"]
+    verbs: ["get", "list", "delete", "patch", "create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: pod-interactions
+subjects:
+  - kind: User
+    name: my-service-account
+roleRef:
+  kind: Role
+  name: pod-interactions
+  apiGroup: rbac.authorization.k8s.io