{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints" }}
kind: SecurityContextConstraints
apiVersion: security.openshift.io/v1
metadata:
  name: {{ .Release.Name }}-controller-scc

allowPrivilegedContainer: true
allowHostDirVolumePlugin: true
allowedVolumeTypes:
  - hostPath
  - secret
readOnlyRootFilesystem: false

runAsUser:
  type: RunAsAny
seLinuxContext:
  type: RunAsAny
fsGroup:
  type: RunAsAny
supplementalGroups:
  type: RunAsAny
users:
  - system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-controller
{{- end }}