From 95cc0f28c2d15dbf8ee88d93b8fb0461b218538a Mon Sep 17 00:00:00 2001
From: Anas El Barkani <anas.elbarkani@advatys.com>
Date: Wed, 6 Apr 2022 22:07:43 +0200
Subject: [PATCH] added sa to scc

---
 .../templates/admission-webhooks/job-patch/scc.yaml            | 3 ++-
 charts/ingress-nginx/templates/controller-scc.yaml             | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/scc.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/scc.yaml
index 4c339e0f1..98943aa31 100644
--- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/scc.yaml
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/scc.yaml
@@ -22,7 +22,8 @@ requiredDropCapabilities:
 - ALL
 fsGroup:
   type: MustRunAs
-
+users:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ include "ingress-nginx.fullname" . }}-admission
 priority: null
 readOnlyRootFilesystem: false
 runAsUser:
diff --git a/charts/ingress-nginx/templates/controller-scc.yaml b/charts/ingress-nginx/templates/controller-scc.yaml
index 5734ec48a..fdafb2e72 100644
--- a/charts/ingress-nginx/templates/controller-scc.yaml
+++ b/charts/ingress-nginx/templates/controller-scc.yaml
@@ -31,7 +31,8 @@ seLinuxContext:
   type: MustRunAs
 supplementalGroups:
   type: RunAsAny
-
+users:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ template "ingress-nginx.serviceAccountName" . }}
 volumes:
 - configMap
 - downwardAPI