RBAC to give Operator SA permissions

sats-23 · sats-23 · commit 156df5eb50f8 · 2025-09-17T18:59:24.000+05:30
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -18,3 +18,4 @@ resources:
 - metrics_auth_role.yaml
 - metrics_auth_role_binding.yaml
 - metrics_reader_role.yaml
+- rsct_operator_scc_modifier.yaml
diff --git a/config/rbac/rsct_operator_scc_modifier.yaml b/config/rbac/rsct_operator_scc_modifier.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: rsct-operator-scc-modifier
+rules:
+- apiGroups: ["security.openshift.io"]
+  resources: ["securitycontextconstraints"]
+  verbs: ["get", "list", "watch", "update", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rsct-operator-scc-modifier-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rsct-operator-scc-modifier
+subjects:
+- kind: ServiceAccount
+  name: rsct-operator-controller-manager
+  namespace: rsct-operator-system
