From 42be176b7b18d02a75d2e9b7b268ba3aee56ce18 Mon Sep 17 00:00:00 2001
From: Augustine Abaris <augustin@bu.edu>
Date: Mon, 23 Feb 2026 14:25:22 -0500
Subject: [PATCH] Add rolebinding and fix cron permission profile

---
 k8s/base/kustomization.yaml             |  1 +
 k8s/base/openstack-api-backup-cron.yaml |  2 --
 k8s/base/rolebinding.yaml               | 14 ++++++++++++++
 3 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 k8s/base/rolebinding.yaml

diff --git a/k8s/base/kustomization.yaml b/k8s/base/kustomization.yaml
index ecf53dc..8b70399 100644
--- a/k8s/base/kustomization.yaml
+++ b/k8s/base/kustomization.yaml
@@ -1,4 +1,5 @@
 ---
 resources:
   - namespace.yaml
+  - rolebinding.yaml
   - openstack-api-backup-cron.yaml
diff --git a/k8s/base/openstack-api-backup-cron.yaml b/k8s/base/openstack-api-backup-cron.yaml
index 0d85708..f27aca9 100644
--- a/k8s/base/openstack-api-backup-cron.yaml
+++ b/k8s/base/openstack-api-backup-cron.yaml
@@ -26,8 +26,6 @@ spec:
                 capabilities:
                   drop:
                     - ALL
-                seccompProfile:
-                  type: RuntimeDefault
               env:
                 - name: HOME
                   value: '/tmp'
diff --git a/k8s/base/rolebinding.yaml b/k8s/base/rolebinding.yaml
new file mode 100644
index 0000000..63b1a52
--- /dev/null
+++ b/k8s/base/rolebinding.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: system:openshift:scc:anyuid
+  namespace: openstack-api-backup
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:openshift:scc:anyuid
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: openstack-api-backup