Custom SCC prevents Runner Operator v1.13.0 from starting

A US Federal customer indicated that Runner Operator 1.13.0 introduced a custom SSC not shipped with Openshift, which has prevented the operator from starting.

The customer attempted to create a custom SCC with the SETFCAP capability, however, the custom SCC is not being applied to Openshift.

Here's the error output they provided:

status:
  conditions:
  - lastTransitionTime: "2023-04-20T20:06:58Z"
    message: 'pods "gitlab-runner-gltest-runner-6565fcf5d4-dp45f" is forbidden: unable
      to validate against any security context constraint: [pod.metadata.annotations.seccomp.security.alpha.kubernetes.io/pod:
      Forbidden: seccomp may not be set pod.metadata.annotations.container.seccomp.security.alpha.kubernetes.io/configure:
      Forbidden: seccomp may not be set pod.metadata.annotations.container.seccomp.security.alpha.kubernetes.io/runner:
      Forbidden: seccomp may not be set provider "anyuid": Forbidden: not usable by
      user or serviceaccount pod.metadata.annotations.seccomp.security.alpha.kubernetes.io/pod:
      Forbidden: seccomp may not be set pod.metadata.annotations.container.seccomp.security.alpha.kubernetes.io/configure:
      Forbidden: seccomp may not be set spec.initContainers[0].securityContext.capabilities.add:
      Invalid value: "SETFCAP": capability may not be added pod.metadata.annotations.container.seccomp.security.alpha.kubernetes.io/runner:
      Forbidden: seccomp may not be set spec.containers[0].securityContext.capabilities.add:
      Invalid value: "SETFCAP": capability may not be added provider "nonroot": Forbidden:
      not usable by user or serviceaccount provider "hostmount-anyuid": Forbidden:
      not usable by user or serviceaccount provider "elasticsearch-scc": Forbidden:
      not usable by user or serviceaccount provider "log-collector-scc": Forbidden:
      not usable by user or serviceaccount provider "machine-api-termination-handler":
      Forbidden: not usable by user or serviceaccount provider "hostnetwork": Forbidden:
      not usable by user or serviceaccount provider "hostaccess": Forbidden: not usable
      by user or serviceaccount provider "node-exporter": Forbidden: not usable by
      user or serviceaccount provider "privileged": Forbidden: not usable by user
      or serviceaccount provider "trident": Forbidden: not usable by user or serviceaccount]'
    reason: FailedCreate
    status: "True"
    type: ReplicaFailure
  observedGeneration: 1
  replicas: 0 

Relevant customer information:

• US Federal ticket (Internal access to verified US Citizens only)
• SFDC (internal)