diff --git a/helm/olmv1/templates/deployment-olmv1-system-catalogd-controller-manager.yml b/helm/olmv1/templates/deployment-olmv1-system-catalogd-controller-manager.yml
index 5beb73826..907d33c8e 100644
--- a/helm/olmv1/templates/deployment-olmv1-system-catalogd-controller-manager.yml
+++ b/helm/olmv1/templates/deployment-olmv1-system-catalogd-controller-manager.yml
@@ -28,7 +28,7 @@ spec:
 {{- include "olmv1.annotations" . | nindent 8 }}
 {{- if .Values.options.openshift.enabled }}
 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
- openshift.io/required-scc: privileged
+ openshift.io/required-scc: hostmount-anyuid-v2
 {{- end }}
 labels:
 app.kubernetes.io/name: catalogd
diff --git a/helm/olmv1/templates/deployment-olmv1-system-operator-controller-controller-manager.yml b/helm/olmv1/templates/deployment-olmv1-system-operator-controller-controller-manager.yml
index a3bdea06f..cea5479e1 100644
--- a/helm/olmv1/templates/deployment-olmv1-system-operator-controller-controller-manager.yml
+++ b/helm/olmv1/templates/deployment-olmv1-system-operator-controller-controller-manager.yml
@@ -27,7 +27,7 @@ spec:
 {{- include "olmv1.annotations" . | nindent 8 }}
 {{- if .Values.options.openshift.enabled }}
 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
- openshift.io/required-scc: privileged
+ openshift.io/required-scc: hostmount-anyuid-v2
 {{- end }}
 labels:
 app.kubernetes.io/name: operator-controller
diff --git a/helm/olmv1/templates/rbac/clusterrole-catalogd-manager-role.yml b/helm/olmv1/templates/rbac/clusterrole-catalogd-manager-role.yml
index fe43d1966..126d0950b 100644
--- a/helm/olmv1/templates/rbac/clusterrole-catalogd-manager-role.yml
+++ b/helm/olmv1/templates/rbac/clusterrole-catalogd-manager-role.yml
@@ -41,7 +41,7 @@ rules:
 resources:
 - securitycontextconstraints
 resourceNames:
- - privileged
+ - hostmount-anyuid-v2
 verbs:
 - use
 {{- end }}
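Review bot: The SCC name `hostmount-anyuid-v2` is now a literal repeated in four templates: this `openshift.io/required-scc` annotation, the same annotation in the operator-controller deployment, and the `resourceNames` entry of both manager ClusterRoles. The annotation and the `use` grant have to name the same SCC, so a later edit that touches only some of the four would presumably leave the pods unable to be admitted. Rendering the name from one place would keep them together, for example `openshift.io/required-scc: {{ include "olmv1.openshift.scc" . }}` (template name constructed here for illustration), in the same way the neighbouring line already uses `include "olmv1.annotations"`. The annotations block starts above the hunk.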
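Review bot: The narrowed `use` grant on `hostmount-anyuid-v2` carries no comment saying why a host-mount-capable SCC is still required or which OpenShift release provides it, and the same applies to the matching hunk in clusterrole-operator-controller-manager-role.yml. The grant is a real reduction from `privileged`, but this SCC family still permits hostPath volumes, so the reason should be written down for the next least-privilege review. On a cluster that has no SCC of this name, a pod annotated with `openshift.io/required-scc: hostmount-anyuid-v2` would presumably be rejected at admission. I would add a comment above the entry such as `# hostmount-anyuid-v2: needed for <HOSTPATH_VOLUME_NAME>; requires OpenShift >= <MIN_VERSION>` with the placeholders filled in. The rule this entry belongs to starts above the hunk.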
diff --git a/helm/olmv1/templates/rbac/clusterrole-operator-controller-manager-role.yml b/helm/olmv1/templates/rbac/clusterrole-operator-controller-manager-role.yml
index 84f221003..8b4c15e74 100644
--- a/helm/olmv1/templates/rbac/clusterrole-operator-controller-manager-role.yml
+++ b/helm/olmv1/templates/rbac/clusterrole-operator-controller-manager-role.yml
@@ -68,7 +68,7 @@ rules:
 resources:
 - securitycontextconstraints
 resourceNames:
- - privileged
+ - hostmount-anyuid-v2
 verbs:
 - use
 {{- end }}
diff --git a/helm/olmv1/values.yaml b/helm/olmv1/values.yaml
index 7b6a2cb7e..146b5d316 100644
--- a/helm/olmv1/values.yaml
+++ b/helm/olmv1/values.yaml
@@ -66,10 +66,10 @@ deployments:
 nodeSelector:
 kubernetes.io/os: linux
 node-role.kubernetes.io/control-plane: ""
+ hostUsers: false
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ runAsUser: 1000
 terminationGracePeriodSeconds: 10
 tolerations:
 - effect: NoSchedule
diff --git a/manifests/experimental-e2e.yaml b/manifests/experimental-e2e.yaml
index 39ff01d61..4e995a9e4 100644
--- a/manifests/experimental-e2e.yaml
+++ b/manifests/experimental-e2e.yaml
@@ -2125,13 +2125,13 @@ spec:
 operator: In
 values:
 - linux
+ hostUsers: false
 nodeSelector:
 kubernetes.io/os: linux
 node-role.kubernetes.io/control-plane: ""
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ runAsUser: 1000
 terminationGracePeriodSeconds: 10
 tolerations:
 - effect: NoSchedule
@@ -2284,13 +2284,13 @@ spec:
 operator: In
 values:
 - linux
+ hostUsers: false
 nodeSelector:
 kubernetes.io/os: linux
 node-role.kubernetes.io/control-plane: ""
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ runAsUser: 1000
 terminationGracePeriodSeconds: 10
 tolerations:
 - effect: NoSchedule
diff --git a/manifests/experimental.yaml b/manifests/experimental.yaml
index 86bba145d..16a4effbd 100644
--- a/manifests/experimental.yaml
+++ b/manifests/experimental.yaml
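Review bot: Removing `seccompProfile` / `type: RuntimeDefault` from the pod-level `securityContext` in values.yaml takes away the only seccomp setting visible in this change. Unless each container sets the profile itself, a cluster whose kubelet does not default seccomp would run these pods unconfined, and a namespace enforcing the `restricted` Pod Security Standard would reject them. The container-level `securityContext` is outside the hunk, so please confirm it carries the profile; if not, keep `seccompProfile:` and `type: RuntimeDefault` alongside the new `runAsUser: 1000`. If the removal is needed only for the OpenShift SCC, it could sit behind the existing `.Values.options.openshift.enabled` switch instead of applying everywhere. The same two lines are dropped in every hunk of manifests/experimental-e2e.yaml, experimental.yaml, standard-e2e.yaml and standard.yaml.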
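Review bot: `hostUsers: false` is emitted unconditionally in this manifest's pod spec, with no toggle and no stated minimum platform, although user namespaces depend on support in the API server, container runtime and node kernel. Where that support is missing, the field is, as far as I know, either dropped on admission, so the pod silently runs in the host user namespace, or the pod fails to start on the node. I would document the requirement next to the setting in values.yaml, e.g. `# hostUsers: false needs user-namespace support (Kubernetes >= <MIN_VERSION>, runtime and kernel idmapped mounts)`, and consider making it a chart option. It is also worth checking that any hostPath volume these pods mount is still readable as `runAsUser: 1000` once the UID is remapped. The same line is added in the second hunk of this file and in all hunks of experimental.yaml, standard-e2e.yaml and standard.yaml.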
@@ -2038,13 +2038,13 @@ spec:
 operator: In
 values:
 - linux
+ hostUsers: false
 nodeSelector:
 kubernetes.io/os: linux
 node-role.kubernetes.io/control-plane: ""
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ runAsUser: 1000
 terminationGracePeriodSeconds: 10
 tolerations:
 - effect: NoSchedule
@@ -2183,13 +2183,13 @@ spec:
 operator: In
 values:
 - linux
+ hostUsers: false
 nodeSelector:
 kubernetes.io/os: linux
 node-role.kubernetes.io/control-plane: ""
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ runAsUser: 1000
 terminationGracePeriodSeconds: 10
 tolerations:
 - effect: NoSchedule
diff --git a/manifests/standard-e2e.yaml b/manifests/standard-e2e.yaml
index 783beec51..5cea72b6b 100644
--- a/manifests/standard-e2e.yaml
+++ b/manifests/standard-e2e.yaml
@@ -1876,13 +1876,13 @@ spec:
 operator: In
 values:
 - linux
+ hostUsers: false
 nodeSelector:
 kubernetes.io/os: linux
 node-role.kubernetes.io/control-plane: ""
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ runAsUser: 1000
 terminationGracePeriodSeconds: 10
 tolerations:
 - effect: NoSchedule
@@ -2029,13 +2029,13 @@ spec:
 operator: In
 values:
 - linux
+ hostUsers: false
 nodeSelector:
 kubernetes.io/os: linux
 node-role.kubernetes.io/control-plane: ""
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ runAsUser: 1000
 terminationGracePeriodSeconds: 10
 tolerations:
 - effect: NoSchedule
diff --git a/manifests/standard.yaml b/manifests/standard.yaml
index 95e400c26..162f7b0f5 100644
--- a/manifests/standard.yaml
+++ b/manifests/standard.yaml
@@ -1789,13 +1789,13 @@ spec:
 operator: In
 values:
 - linux
+ hostUsers: false
 nodeSelector:
 kubernetes.io/os: linux
 node-role.kubernetes.io/control-plane: ""
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ runAsUser: 1000
 terminationGracePeriodSeconds: 10
 tolerations:
 - effect: NoSchedule
@@ -1928,13 +1928,13 @@ spec:
 operator: In
 values:
 - linux
+ hostUsers: false
 nodeSelector:
 kubernetes.io/os: linux
 node-role.kubernetes.io/control-plane: ""
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ runAsUser: 1000
 terminationGracePeriodSeconds: 10
 tolerations:
 - effect: NoSchedule