From 6491156de094361b7f050afd6bf966f00ce94819 Mon Sep 17 00:00:00 2001
From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
Date: Fri, 9 Aug 2024 16:34:47 +0200
Subject: [PATCH] fix(helm): use same scc as olm

---
 .../templates/spark-clusterrole.yaml | 48 +------------------
 1 file changed, 1 insertion(+), 47 deletions(-)

diff --git a/deploy/helm/spark-k8s-operator/templates/spark-clusterrole.yaml b/deploy/helm/spark-k8s-operator/templates/spark-clusterrole.yaml
index 4209b29e..de4beef8 100644
--- a/deploy/helm/spark-k8s-operator/templates/spark-clusterrole.yaml
+++ b/deploy/helm/spark-k8s-operator/templates/spark-clusterrole.yaml
@@ -1,49 +1,3 @@
-{{ if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}
----
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
- name: spark-k8s-scc
- labels:
- {{- include "operator.labels" . | nindent 4 }}
- annotations:
- kubernetes.io/description: |-
- This resource is derived from hostmount-anyuid. It provides all the features of the
- restricted SCC but allows host mounts and any UID by a pod. This is primarily
- used by the persistent volume recycler. WARNING: this SCC allows host file
- system access as any UID, including UID 0. Grant with caution.
- release.openshift.io/create-only: "true"
-allowHostDirVolumePlugin: true
-allowHostIPC: false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-allowPrivilegeEscalation: true
-allowPrivilegedContainer: false
-allowedCapabilities: null
-defaultAddCapabilities: null
-fsGroup:
- type: RunAsAny
-groups: []
-priority: null
-readOnlyRootFilesystem: false
-runAsUser:
- type: RunAsAny
-seLinuxContext:
- type: MustRunAs
-supplementalGroups:
- type: RunAsAny
-volumes:
-- configMap
-- downwardAPI
-- emptyDir
-- hostPath
-- nfs
-- persistentVolumeClaim
-- projected
-- secret
-- ephemeral
-{{ end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -82,7 +36,7 @@ rules:
 resources:
 - securitycontextconstraints
 resourceNames:
- - spark-k8s-scc
+ - nonroot-v2
 verbs:
 - use
 {{ end }}
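Review bot: The `resourceNames` entry now hard-codes `nonroot-v2` with no comment saying where that SCC comes from or what it forbids. The `spark-k8s-scc` deleted in the first hunk permitted `hostPath` and `nfs` volumes, `RunAsAny` UIDs and `allowPrivilegeEscalation: true`, so Spark pods that relied on any of those will presumably be rejected at admission after this change. `nonroot-v2` is an OpenShift built-in that, as far as I know, only exists from OpenShift 4.11 onward, so on older clusters this rule would grant `use` on a name that does not resolve. I would add a comment above the entry such as `# OpenShift built-in SCC (4.11+), same one the OLM bundle uses; non-root UID required, no hostPath/nfs volumes` and call out the tightening in the release notes. The rule this entry belongs to starts above the hunk.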