Enable user namespaces for the operands

tchap · tchap · commit ff9d9c132076 · 2025-10-09T15:56:41.000+02:00
Use restricted-v3 SCC policy for all operand deployments.
diff --git a/bindata/assets/openshift-controller-manager/deploy.yaml b/bindata/assets/openshift-controller-manager/deploy.yaml
@@ -33,13 +33,13 @@ spec:
       name: openshift-controller-manager
       annotations:
         target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
-        openshift.io/required-scc: restricted-v2
+        openshift.io/required-scc: restricted-v3
       labels:
         app: openshift-controller-manager-a
         controller-manager: "true"
     spec:
+      hostUsers: false
       securityContext:
-        runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       priorityClassName: system-node-critical
diff --git a/bindata/assets/openshift-controller-manager/route-controller-manager-deploy.yaml b/bindata/assets/openshift-controller-manager/route-controller-manager-deploy.yaml
@@ -23,13 +23,13 @@ spec:
       name: route-controller-manager
       annotations:
         target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
-        openshift.io/required-scc: restricted-v2
+        openshift.io/required-scc: restricted-v3
       labels:
         app: route-controller-manager
         route-controller-manager: "true"
     spec:
+      hostUsers: false
       securityContext:
-        runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       priorityClassName: system-node-critical
