fix(helm): use same scc as olm (#573)

stackabletech · Aug 9, 2024 · a517f5f · a517f5f
1 parent d5c1d09
commit a517f5f
Showing 1 changed file with 1 addition and 45 deletions.
diff --git a/deploy/helm/hdfs-operator/templates/roles.yaml b/deploy/helm/hdfs-operator/templates/roles.yaml
@@ -141,50 +141,6 @@ rules:
       - bind
     resourceNames:
       - {{ include "operator.name" . }}-clusterrole
-{{ if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}
----
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
-  name: hdfs-scc
-  labels:
-  {{- include "operator.labels" . | nindent 4 }}
-  annotations:
-    kubernetes.io/description: |-
-      This resource is derived from hostmount-anyuid. It provides all the features of the
-      restricted SCC but allows host mounts and any UID by a pod.  This is primarily
-      used by the persistent volume recycler. WARNING: this SCC allows host file
-      system access as any UID, including UID 0.  Grant with caution.
-    release.openshift.io/create-only: "true"
-allowHostDirVolumePlugin: true
-allowHostIPC: false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-allowPrivilegeEscalation: true
-allowPrivilegedContainer: false
-allowedCapabilities: null
-defaultAddCapabilities: null
-fsGroup:
-  type: RunAsAny
-readOnlyRootFilesystem: false
-runAsUser:
-  type: RunAsAny
-seLinuxContext:
-  type: MustRunAs
-supplementalGroups:
-  type: RunAsAny
-volumes:
-- configMap
-- downwardAPI
-- emptyDir
-- hostPath
-- nfs
-- persistentVolumeClaim
-- projected
-- secret
-- ephemeral
-{{ end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -220,7 +176,7 @@ rules:
     resources:
       - securitycontextconstraints
     resourceNames:
-      - hdfs-scc
+      - nonroot-v2
     verbs:
       - use
 {{ end }}