From 81b7ece7021594e59c56a6f0d91da46ce262e36d Mon Sep 17 00:00:00 2001
From: Ilias Rinis
Date: Thu, 2 May 2024 15:45:21 +0200
Subject: [PATCH] UPSTREAM: : manifests: set required-scc for openshift workloads
---
 openshift/generate-manifests.sh | 1 +
 ...perator-controller-operator-controller-controller-manager.yml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/openshift/generate-manifests.sh b/openshift/generate-manifests.sh
index ff614f959..6820ecbd7 100755
--- a/openshift/generate-manifests.sh
+++ b/openshift/generate-manifests.sh
@@ -54,6 +54,7 @@ for container_name in "${!IMAGE_MAPPINGS[@]}"; do
 placeholder="${IMAGE_MAPPINGS[$container_name]}"
 $YQ -i "(select(.kind == \"Deployment\")|.spec.template.spec.containers[]|select(.name==\"$container_name\")|.image) = \"$placeholder\"" "$TMP_KUSTOMIZE_OUTPUT"
 $YQ -i 'select(.kind == "Deployment").spec.template.metadata.annotations += {"target.workload.openshift.io/management": "{\"effect\": \"PreferredDuringScheduling\"}"}' "$TMP_KUSTOMIZE_OUTPUT"
+ $YQ -i 'select(.kind == "Deployment").spec.template.metadata.annotations += {"openshift.io/required-scc": "restricted-v2"}' "$TMP_KUSTOMIZE_OUTPUT"
 $YQ -i 'select(.kind == "Deployment").spec.template.spec += {"priorityClassName": "system-cluster-critical"}' "$TMP_KUSTOMIZE_OUTPUT"
 $YQ -i 'select(.kind == "Namespace").metadata.annotations += {"workload.openshift.io/allowed": "management"}' "$TMP_KUSTOMIZE_OUTPUT"
 done
diff --git a/openshift/manifests/11-deployment-openshift-operator-controller-operator-controller-controller-manager.yml b/openshift/manifests/11-deployment-openshift-operator-controller-operator-controller-controller-manager.yml
index 98069016f..2770ce71b 100644
--- a/openshift/manifests/11-deployment-openshift-operator-controller-operator-controller-controller-manager.yml
+++ b/openshift/manifests/11-deployment-openshift-operator-controller-operator-controller-controller-manager.yml
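Review bot: In openshift/generate-manifests.sh the added `required-scc` line uses `select(.kind == "Deployment")`, so it pins restricted-v2 on every Deployment in the kustomize output, and nothing in the script checks that each pod spec is admissible under that SCC. With the annotation set, a Deployment added later that needs anything beyond restricted-v2 would presumably be rejected at admission instead of being matched to another SCC, and the pod securityContext is not visible in this hunk to confirm the current one complies. A short comment above the line would record the intent, for example `# Pin the SCC so admission cannot pick a different, more permissive one for these pods`. The line also does not use `$container_name` or `$placeholder`, so like its neighbours it is re-applied once per image mapping. Moving these loop-invariant edits below `done` would make that explicit, though the `for` loop starts outside the hunk.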
@@ -24,6 +24,7 @@ spec:
 annotations:
 kubectl.kubernetes.io/default-container: manager
 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
+ openshift.io/required-scc: restricted-v2
 labels:
 control-plane: controller-manager
 spec: