Merge pull request #306 from kramaranya/AUTH-482

AUTH-482: set required-scc for openshift workloads

Author: openshift-merge-bot[bot]

assets/overlays/aws-efs/generated/standalone/controller.yaml

@@ -33,6 +33,7 @@ spec:
     metadata:
       annotations:
         cluster-autoscaler.kubernetes.io/safe-to-evict-local-volumes: socket-dir
+        openshift.io/required-scc: privileged
         target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
       labels:
         app: aws-efs-csi-driver-controller

assets/overlays/aws-efs/patches/controller_add_driver.yaml

@@ -20,6 +20,7 @@ spec:
       labels:
         app: aws-efs-csi-driver-controller
       annotations:
+        openshift.io/required-scc: privileged
         target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
     spec:
       hostNetwork: true

assets/overlays/azure-disk/generated/hypershift/controller.yaml

@@ -48,6 +48,7 @@ spec:
     metadata:
       annotations:
         cluster-autoscaler.kubernetes.io/safe-to-evict-local-volumes: socket-dir
+        openshift.io/required-scc: restricted-v2
         target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
       labels:
         app: azure-disk-csi-driver-controller

assets/overlays/azure-disk/generated/standalone/controller.yaml

@@ -44,6 +44,7 @@ spec:
     metadata:
       annotations:
         cluster-autoscaler.kubernetes.io/safe-to-evict-local-volumes: socket-dir
+        openshift.io/required-scc: restricted-v2
         target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
       labels:
         app: azure-disk-csi-driver-controller

assets/overlays/azure-disk/patches/controller_add_driver.yaml

@@ -6,6 +6,9 @@ metadata:
     config.openshift.io/inject-proxy-cabundle: csi-driver
 spec:
   template:
+    metadata:
+      annotations:
+        openshift.io/required-scc: restricted-v2
     spec:
       containers:
         - name: csi-driver

assets/overlays/azure-file/generated/hypershift/controller.yaml

@@ -49,6 +49,7 @@ spec:
     metadata:
       annotations:
         cluster-autoscaler.kubernetes.io/safe-to-evict-local-volumes: socket-dir
+        openshift.io/required-scc: restricted-v2
         target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
       labels:
         app: azure-file-csi-driver-controller

assets/overlays/azure-file/generated/standalone/controller.yaml

@@ -44,6 +44,7 @@ spec:
     metadata:
       annotations:
         cluster-autoscaler.kubernetes.io/safe-to-evict-local-volumes: socket-dir
+        openshift.io/required-scc: restricted-v2
         target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
       labels:
         app: azure-file-csi-driver-controller

assets/overlays/azure-file/patches/controller_add_driver.yaml

@@ -6,6 +6,9 @@ metadata:
     config.openshift.io/inject-proxy-cabundle: csi-driver
 spec:
   template:
+    metadata:
+      annotations:
+        openshift.io/required-scc: restricted-v2
     spec:
       ## Removing this for now
       # hostNetwork: true # although not needed for other drivers, this is required for the Azure File driver

assets/overlays/samba/generated/standalone/controller.yaml

@@ -31,6 +31,7 @@ spec:
     metadata:
       annotations:
         cluster-autoscaler.kubernetes.io/safe-to-evict-local-volumes: socket-dir
+        openshift.io/required-scc: privileged
         target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
       labels:
         app: smb-csi-driver-controller

assets/overlays/samba/patches/controller_add_driver.yaml

@@ -2,6 +2,9 @@ kind: Deployment
 apiVersion: apps/v1
 spec:
   template:
+    metadata:
+      annotations:
+        openshift.io/required-scc: privileged
     spec:
       containers:
         - name: csi-driver