feat: add scc configuration

Signed-off-by: Dominik Rosiek <[email protected]>

helm/tailing-sidecar-operator/templates/scc.yaml

@@ -0,0 +1,41 @@
+{{- if and .Values.scc.create (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+  annotations:
+    kubernetes.io/description: |
+      This provides the minimum requirements Sumo Logic Kubernetes Collection to run in Openshift.
+  name: tailing-sidecar-operator
+  labels:
+    app: tailing-sidecar-operator
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+allowHostDirVolumePlugin: true
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegeEscalation: true
+allowPrivilegedContainer: true
+allowedCapabilities: []
+allowedUnsafeSysctls: []
+defaultAddCapabilities: []
+fsGroup:
+  type: RunAsAny
+groups:
+  - system:authenticated
+priority: 0
+readOnlyRootFilesystem: false
+requiredDropCapabilities: []
+runAsUser:
+  type: RunAsAny
+seLinuxContext:
+  type: MustRunAs
+seccompProfiles: []
+supplementalGroups:
+  type: RunAsAny
+users: []
+volumes:
+- "*"
+{{- end }}

helm/tailing-sidecar-operator/values.yaml

@@ -42,3 +42,6 @@ webhook:
 
 certManager:
   enabled: false
+
+scc:
+  create: true