flux2/manifests/openshift/scc.yaml

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: flux-scc
rules:
  - apiGroups:
      - security.openshift.io
    resources:
      - securitycontextconstraints
    resourceNames:
      - nonroot
    verbs:
      - use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: flux-scc
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flux-scc
subjects:
  - kind: ServiceAccount
    name: source-controller
    namespace: flux-system
  - kind: ServiceAccount
    name: kustomize-controller
    namespace: flux-system
  - kind: ServiceAccount
    name: helm-controller
    namespace: flux-system
  - kind: ServiceAccount
    name: notification-controller
    namespace: flux-system
  - kind: ServiceAccount
    name: image-reflector-controller
    namespace: flux-system
  - kind: ServiceAccount
    name: image-automation-controller
    namespace: flux-system
e2e: Install Flux on OpenShift Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> 10 months ago			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`name: flux-scc`
			`rules:`
			`- apiGroups:`
			`- security.openshift.io`
			`resources:`
			`- securitycontextconstraints`
			`resourceNames:`
			`- nonroot`
			`verbs:`
			`- use`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
			`name: flux-scc`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: flux-scc`
			`subjects:`
			`- kind: ServiceAccount`
			`name: source-controller`
			`namespace: flux-system`
			`- kind: ServiceAccount`
			`name: kustomize-controller`
			`namespace: flux-system`
			`- kind: ServiceAccount`
			`name: helm-controller`
			`namespace: flux-system`
			`- kind: ServiceAccount`
			`name: notification-controller`
			`namespace: flux-system`
			`- kind: ServiceAccount`
			`name: image-reflector-controller`
			`namespace: flux-system`
			`- kind: ServiceAccount`
			`name: image-automation-controller`
			`namespace: flux-system`