{{- if eq .Values.interceptor.enabled true }} {{- if eq .Values.global.platform "openshift" -}} apiVersion: security.openshift.io/v1 kind: SecurityContextConstraints metadata: labels: {{- include "edp-tekton-interceptor.labels" . | nindent 4 }} annotations: "helm.sh/hook": "pre-install" name: {{ include "edp-tekton-interceptor.name" . }}-{{ .Release.Namespace }} runAsUser: type: MustRunAs uid: 65532 seLinuxContext: type: MustRunAs users: - system:serviceaccount:{{ .Release.Namespace }}:{{ include "edp-tekton-interceptor.serviceAccountName" . }} allowHostDirVolumePlugin: false allowHostIPC: true allowHostNetwork: false allowHostPID: false allowHostPorts: false allowPrivilegedContainer: false allowedCapabilities: [] allowedFlexVolumes: [] readOnlyRootFilesystem: false {{- end -}} {{- end }}