diff --git a/charts/sn-platform-slim/templates/openshift/scc-rolebinding.yaml b/charts/sn-platform-slim/templates/openshift/scc-rolebinding.yaml index 57f3510c8..0042619d2 100644 --- a/charts/sn-platform-slim/templates/openshift/scc-rolebinding.yaml +++ b/charts/sn-platform-slim/templates/openshift/scc-rolebinding.yaml @@ -18,8 +18,7 @@ # {{- if and .Values.openshift.enabled .Values.openshift.scc.enabled -}} -{{- $sas := list (include "pulsar.vault.serviceAccount" .) -}} -{{- $sas = append $sas (include "pulsar.zookeeper.serviceAccount" .) -}} +{{- $sas := list (include "pulsar.zookeeper.serviceAccount" .) -}} {{- $sas = append $sas (include "pulsar.bookkeeper.serviceAccount" .) -}} {{- $sas = append $sas (include "pulsar.broker.serviceAccount" .) -}} {{- $sas = append $sas (include "pulsar.proxy.serviceAccount" .) -}} diff --git a/charts/sn-platform-slim/templates/openshift/scc.yaml b/charts/sn-platform-slim/templates/openshift/scc.yaml index 41dd4eb4a..ff77cb11f 100644 --- a/charts/sn-platform-slim/templates/openshift/scc.yaml +++ b/charts/sn-platform-slim/templates/openshift/scc.yaml @@ -29,11 +29,6 @@ allowHostPID: false allowHostPorts: false allowPrivilegeEscalation: true allowPrivilegedContainer: true -allowedCapabilities: - {{- if .Values.components.vault }} - - IPC_LOCK - - SETFCAP - {{- end }} defaultAddCapabilities: null fsGroup: type: RunAsAny