From c23527813e133e34eba67646061d573076c776cf Mon Sep 17 00:00:00 2001
From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
Date: Fri, 9 Aug 2024 15:19:51 +0200
Subject: [PATCH] fix(helm): use the same scc as olm
---
 .../zookeeper-operator/templates/roles.yaml | 50 +------------------
 1 file changed, 1 insertion(+), 49 deletions(-)
diff --git a/deploy/helm/zookeeper-operator/templates/roles.yaml b/deploy/helm/zookeeper-operator/templates/roles.yaml
index a721c98f..5e2d5e23 100644
--- a/deploy/helm/zookeeper-operator/templates/roles.yaml
+++ b/deploy/helm/zookeeper-operator/templates/roles.yaml
@@ -123,54 +123,6 @@ rules:
 - {{ include "operator.name" . }}znodes/status
 verbs:
 - patch
-{{ if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}
----
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
- name: zookeeper-scc
- labels:
- {{- include "operator.labels" . | nindent 4 }}
- annotations:
- kubernetes.io/description: |-
- zookeeper-scc is derived from hostmount-anyuid. It provides all the features of the
- restricted SCC but allows host mounts and any UID by a pod. This is primarily
- used by the persistent volume recycler. WARNING: this SCC allows host file
- system access as any UID, including UID 0. Grant with caution.
- release.openshift.io/create-only: "true"
-allowHostDirVolumePlugin: true
-allowHostIPC: false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-allowPrivilegeEscalation: true
-allowPrivilegedContainer: false
-allowedCapabilities: null
-defaultAddCapabilities: null
-fsGroup:
- type: RunAsAny
-groups: []
-priority: null
-readOnlyRootFilesystem: false
-requiredDropCapabilities:
-- MKNOD
-runAsUser:
- type: RunAsAny
-seLinuxContext:
- type: MustRunAs
-supplementalGroups:
- type: RunAsAny
-volumes:
-- configMap
-- downwardAPI
-- emptyDir
-- hostPath
-- nfs
-- persistentVolumeClaim
-- projected
-- secret
-- ephemeral
-{{ end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -199,7 +151,7 @@ rules:
 resources:
 - securitycontextconstraints
 resourceNames:
- - zookeeper-scc
+ - nonroot-v2
 verbs:
 - use
 {{ end }}
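Review bot: The new `resourceNames` entry `nonroot-v2` in the second hunk points at a cluster-provided SCC, but nothing in the template records what that SCC demands of the pods bound to this role or which clusters ship it. `nonroot-v2` rejects UID 0, privilege escalation and `hostPath` volumes, all of which the removed `zookeeper-scc` allowed, so a product pod spec that still relies on any of them will be refused at admission. As far as I know the `-v2` SCCs exist only on OpenShift 4.11 and later, and the `security.openshift.io/v1` capability check (its opening `if` for this rule is outside the hunk, so this is inferred) cannot tell older clusters apart. I would add a comment above the entry, e.g. `# nonroot-v2: built-in OpenShift SCC (4.11+), same as the OLM install; non-root UID, no hostPath, no privilege escalation`, and confirm the rendered pod security contexts comply. The rule and its ClusterRole begin outside the hunk.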