From 6e53b7ef63206bbe3e35b3f11785bd8e7f600678 Mon Sep 17 00:00:00 2001
From: kramaranya
Date: Tue, 30 Jul 2024 11:35:05 +0100
Subject: [PATCH] manifests: set required-scc for openshift workloads
---
 bindata/manifests/daemon/daemonset.yaml | 1 +
 bindata/manifests/operator-webhook/server.yaml | 2 ++
 bindata/manifests/webhook/server.yaml | 2 ++
 config/manager/manager.yaml | 2 ++
 4 files changed, 7 insertions(+)
diff --git a/bindata/manifests/daemon/daemonset.yaml b/bindata/manifests/daemon/daemonset.yaml
index e3e5526e0..c9b151520 100644
--- a/bindata/manifests/daemon/daemonset.yaml
+++ b/bindata/manifests/daemon/daemonset.yaml
@@ -23,6 +23,7 @@ spec:
 openshift.io/component: network
 annotations:
 kubectl.kubernetes.io/default-container: sriov-network-config-daemon
+ openshift.io/required-scc: privileged
 spec:
 hostNetwork: true
 hostPID: true
diff --git a/bindata/manifests/operator-webhook/server.yaml b/bindata/manifests/operator-webhook/server.yaml
index 188a7f182..29e369680 100644
--- a/bindata/manifests/operator-webhook/server.yaml
+++ b/bindata/manifests/operator-webhook/server.yaml
@@ -22,6 +22,8 @@ spec:
 metadata:
 labels:
 app: operator-webhook
+ annotations:
+ openshift.io/required-scc: restricted-v2
 spec:
 securityContext:
 runAsNonRoot: true
diff --git a/bindata/manifests/webhook/server.yaml b/bindata/manifests/webhook/server.yaml
index 659f71b7e..95e020671 100644
--- a/bindata/manifests/webhook/server.yaml
+++ b/bindata/manifests/webhook/server.yaml
@@ -25,6 +25,8 @@ spec:
 component: network
 type: infra
 openshift.io/component: network
+ annotations:
+ openshift.io/required-scc: restricted-v2
 spec:
 securityContext:
 runAsNonRoot: true
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 586fa3f17..9247ac6d1 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
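Review bot: The `openshift.io/required-scc: privileged` annotation added in bindata/manifests/daemon/daemonset.yaml pins the most permissive SCC without recording why, so I would put a comment above it, e.g. `# privileged SCC is required: the daemon pod runs with hostNetwork and hostPID`. Both settings are visible directly below the annotation, which keeps the pin reviewable if the pod spec is later tightened. With the annotation set, admission no longer falls back to another SCC, so the daemon's service account presumably needs `use` on `privileged`; that RBAC is not part of this patch and is worth confirming. The pod template continues outside the hunk.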
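Review bot: Pinning `openshift.io/required-scc: restricted-v2` on the operator-webhook pod template means a pod spec that restricted-v2 does not admit is rejected outright instead of being matched to a looser SCC, and only `runAsNonRoot: true` is visible here to judge that. The container-level settings are outside the hunk; if they are not already explicit, stating `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` on each container would make the manifest match the pinned SCC on its face rather than relying on whatever SCC admission fills in. The same applies to the identical annotation added in bindata/manifests/webhook/server.yaml and config/manager/manager.yaml.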
@@ -21,6 +21,8 @@ spec:
 metadata:
 labels:
 control-plane: controller-manager
+ annotations:
+ openshift.io/required-scc: restricted-v2
 spec:
 securityContext:
 runAsNonRoot: true