Add anyuid SCC to compute domain service account on OpenShift

Red Hat OpenShift blocks writing into `/etc`, causing the
following error in compute-domain-daemon pods:

```
IMEXDaemonUpdateLoop failed, initiate shutdown:
writeNodesConfig failed: failed to create nodes config file:
open /etc/nvidia-imex/nodes_config.cfg: permission denied
```

Binding `anyuid` SCC to the service account when run on OpenShift
solves this problem.

Signed-off-by: Vitaliy Emporopulo <[email protected]>

Author: empovit

deployments/helm/nvidia-dra-driver-gpu/templates/compute-domain-daemon-rbac.yaml

@@ -8,6 +8,7 @@ rules:
   resources: ["computedomains", "computedomains/status"]
   verbs: ["get", "list", "watch", "update", "patch"]
 
+{{- $root := . -}}
 {{- range $namespace := splitList "," (include "nvidia-dra-driver-gpu.namespaces" .) }}
 ---
 apiVersion: v1
@@ -28,4 +29,19 @@ roleRef:
   kind: ClusterRole
   name: compute-domain-daemon-role
   apiGroup: rbac.authorization.k8s.io
-{{- end }} 
+{{- if $root.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: compute-domain-daemon-anyuid-role-binding-{{ $namespace }}
+subjects:
+- kind: ServiceAccount
+  name: compute-domain-daemon-service-account
+  namespace: {{ $namespace }}
+roleRef:
+  kind: ClusterRole
+  name: system:openshift:scc:anyuid
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}