From c32e452db8c2e7be5ef8ad345282895090717b49 Mon Sep 17 00:00:00 2001
From: Mo Khan <i@monis.app>
Date: Wed, 18 Nov 2020 17:08:45 -0500
Subject: [PATCH] Add nonroot SCC to work on OpenShift clusters

---
 deploy/concierge/rbac.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/deploy/concierge/rbac.yaml b/deploy/concierge/rbac.yaml
index 4f4c3305..7ebc75d1 100644
--- a/deploy/concierge/rbac.yaml
+++ b/deploy/concierge/rbac.yaml
@@ -24,6 +24,10 @@ rules:
   - apiGroups: [ policy ]
     resources: [ podsecuritypolicies ]
     verbs: [ use ]
+  - apiGroups: [ security.openshift.io ]
+    resources: [ securitycontextconstraints ]
+    verbs: [ use ]
+    resourceNames: [ nonroot ]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1