diff --git a/manifests/.DS_Store b/manifests/.DS_Store
index b9108d9..1f35663 100644
Binary files a/manifests/.DS_Store and b/manifests/.DS_Store differ
diff --git a/manifests/scc/scc-minio-restricted-rolebinding.yaml b/manifests/scc/scc-minio-restricted-rolebinding.yaml
new file mode 100644
index 0000000..d4d2dd4
--- /dev/null
+++ b/manifests/scc/scc-minio-restricted-rolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: calibre-sa-restricted-s6
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:openshift:scc:restricted-s6
+subjects:
+ - kind: ServiceAccount
+ name: calibre-sa
+ namespace: calibre
\ No newline at end of file
diff --git a/manifests/scc/scc-minio-restricted.yaml b/manifests/scc/scc-minio-restricted.yaml
new file mode 100644
index 0000000..fed864d
--- /dev/null
+++ b/manifests/scc/scc-minio-restricted.yaml
@@ -0,0 +1,37 @@
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+ name: minio-restricted
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegeEscalation: false
+allowPrivilegedContainer: false
+allowedCapabilities: null
+defaultAddCapabilities: null
+fsGroup:
+ type: MustRunAs
+ ranges:
+ - min: 1000
+ max: 1000
+priority: null
+readOnlyRootFilesystem: false
+requiredDropCapabilities:
+ - MKNOD
+ - ALL
+runAsUser:
+ type: MustRunAs
+ uid: 501
+seLinuxContext:
+ type: MustRunAs
+supplementalGroups:
+ type: RunAsAny
+volumes:
+ - configMap
+ - downwardAPI
+ - emptyDir
+ - persistentVolumeClaim
+ - projected
+ - secret
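Review bot: The `roleRef` in scc-minio-restricted-rolebinding.yaml names `system:openshift:scc:restricted-s6`, but the SCC added in this commit is `minio-restricted`, and no ClusterRole with `use` on it is created or bound here. As far as this diff shows, the new SCC is granted to nobody, so confirm which SCC `calibre-sa` is meant to run under and that the referenced ClusterRole exists. The only subject is a ServiceAccount in namespace `calibre`, so a namespaced `kind: RoleBinding` with `metadata.namespace: calibre` would grant the same access without a cluster-scoped object. The file name says minio while the binding is for calibre, which makes the grant harder to find in an audit.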
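Review bot: In scc-minio-restricted.yaml, `supplementalGroups` is `type: RunAsAny`, the one identity field left unconstrained while `runAsUser` and `fsGroup` are pinned. A pod admitted under `minio-restricted` can therefore request any supplemental GID, including 0. Consider `type: MustRunAs` with a `ranges` entry matching the group that owns the volume data. The SCC also sets no `seccompProfiles`; listing `runtime/default` there would fit the rest of the hardening in this file. In `requiredDropCapabilities`, `MKNOD` is redundant next to `ALL`.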