From e6ae026eb147ffb279049774b64da4da2e8ca566 Mon Sep 17 00:00:00 2001
From: Alvaro Aleman <alvaroaleman@users.noreply.github.com>
Date: Fri, 24 Jun 2022 17:06:15 -0400
Subject: [PATCH] Excempt build controller SA from PodSecurity admission

Mirrors
https://github.com/openshift/cluster-kube-apiserver-operator/pull/1358
---
 .../controllers/hostedcontrolplane/kas/config.go             | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/control-plane-operator/controllers/hostedcontrolplane/kas/config.go b/control-plane-operator/controllers/hostedcontrolplane/kas/config.go
index a3f659810d..7ef0813459 100644
--- a/control-plane-operator/controllers/hostedcontrolplane/kas/config.go
+++ b/control-plane-operator/controllers/hostedcontrolplane/kas/config.go
@@ -95,6 +95,11 @@ func generateConfig(p KubeAPIServerConfigParams, version semver.Version) *kcpv1.
 									Warn:           "restricted",
 									WarnVersion:    "latest",
 								},
+								Exemptions: podsecurityadmissionv1beta1.PodSecurityExemptions{
+									Usernames: []string{
+										"system:serviceaccount:openshift-infra:build-controller",
+									},
+								},
 							},
 						},
 					},