From c6019b7184bd723084e8765ce42182d9a737c253 Mon Sep 17 00:00:00 2001
From: Miguel Duarte Barroso <mdbarroso@redhat.com>
Date: Wed, 4 Dec 2024 17:14:17 +0100
Subject: [PATCH] linux-bridge: use w/ openshift required-scc annotation

Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
---
 data/linux-bridge/002-linux-bridge.yaml  | 6 ++++++
 data/linux-bridge/003-bridge-marker.yaml | 1 +
 hack/components/bump-bridge-marker.sh    | 1 +
 3 files changed, 8 insertions(+)

diff --git a/data/linux-bridge/002-linux-bridge.yaml b/data/linux-bridge/002-linux-bridge.yaml
index c9bc7ca1c..87a6bc6be 100644
--- a/data/linux-bridge/002-linux-bridge.yaml
+++ b/data/linux-bridge/002-linux-bridge.yaml
@@ -21,8 +21,14 @@ spec:
         name: kube-cni-linux-bridge-plugin
         tier: node
         app: cni-plugins
+{{ if .EnableSCC }}
+      annotations:
+        openshift.io/required-scc: "linux-bridge"
+        description: LinuxBridge installs 'bridge' CNI on cluster nodes, so it can be later used to attach Pods/VMs to Linux bridges
+{{ else }}
       annotations:
         description: LinuxBridge installs 'bridge' CNI on cluster nodes, so it can be later used to attach Pods/VMs to Linux bridges
+{{ end }}
     spec:
 {{ if .EnableSCC }}
       serviceAccountName: linux-bridge
diff --git a/data/linux-bridge/003-bridge-marker.yaml b/data/linux-bridge/003-bridge-marker.yaml
index b258b21ce..06a67c8a2 100644
--- a/data/linux-bridge/003-bridge-marker.yaml
+++ b/data/linux-bridge/003-bridge-marker.yaml
@@ -23,6 +23,7 @@ spec:
         name: bridge-marker
       annotations:
         description: Bridge marker exposes network bridges available on nodes as node resources
+        openshift.io/required-scc: "bridge-marker"
     spec:
       serviceAccountName: bridge-marker
       hostNetwork: true
diff --git a/hack/components/bump-bridge-marker.sh b/hack/components/bump-bridge-marker.sh
index 05bcb3104..7d2a8f79a 100755
--- a/hack/components/bump-bridge-marker.sh
+++ b/hack/components/bump-bridge-marker.sh
@@ -24,6 +24,7 @@ function __parametize_by_object() {
 				yaml-utils::update_param ${f} spec.template.spec.containers[0].imagePullPolicy  '{{ .ImagePullPolicy }}'
 				yaml-utils::update_param ${f} spec.template.spec.nodeSelector '{{ toYaml .Placement.NodeSelector | nindent 8 }}'
 				yaml-utils::set_param ${f} spec.template.spec.affinity '{{ toYaml .Placement.Affinity | nindent 8 }}'
+				yaml-utils::set_param ${f} 'spec.template.metadata.annotations."openshift.io/required-scc"' '"bridge-marker"'
 				yaml-utils::update_param ${f} spec.template.spec.tolerations '{{ toYaml .Placement.Tolerations | nindent 8 }}'
 				yaml-utils::remove_single_quotes_from_yaml ${f}
 				;;