{{- if .Values.scc.create }}
{{- if .Values.grafana.enabled }}
kind: SecurityContextConstraints
apiVersion: security.openshift.io/v1
metadata:
  labels:
{{ include "helm.labels" . | indent 4 }}
  name: {{ .Release.Name }}-grafana
allowPrivilegedContainer: false
allowHostNetwork: false
allowHostDirVolumePlugin: true
allowHostPorts: true
allowHostPID: false
allowHostIPC: false
readOnlyRootFilesystem: false
requiredDropCapabilities:
  - KILL
  - MKNOD
  - SETUID
  - SETGID
defaultAddCapabilities: []
allowedCapabilities:
  - CHOWN
priority: 0
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: RunAsAny
fsGroup:
  type: RunAsAny
supplementalGroups:
  type: RunAsAny
seccompProfiles:
  - runtime/default
volumes:
  - configMap
  - downwardAPI
  - emptyDir
  - persistentVolumeClaim
  - projected
  - secret
users:
  - system:serviceaccount:{{.Release.Namespace}}:{{.Release.Name}}-grafana
{{- end }}
{{- end }}