{{- if .Values.rbac.sccEnabled }}
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: {{ include "loki.fullname" . }}
  labels:
    {{- include "loki.labels" . | nindent 4 }}
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
allowedCapabilities: []
defaultAddCapabilities: null
fsGroup: 
  type: RunAsAny
groups: []
priority: null
readOnlyRootFilesystem: false
requiredDropCapabilities: 
  - ALL
runAsUser: 
  type: RunAsAny
seLinuxContext: 
  type: MustRunAs
seccompProfiles:
  - '*'
supplementalGroups: 
  type: RunAsAny
volumes: 
  - configMap
  - downwardAPI
  - emptyDir
  - hostPath
  - persistentVolumeClaim
  - projected
  - secret
{{- end }}