diff --git a/helm-chart/templates/14-openshift-security-context-constraints.yaml b/helm-chart/templates/14-openshift-security-context-constraints.yaml
new file mode 100644
index 000000000..f7f4fc04c
--- /dev/null
+++ b/helm-chart/templates/14-openshift-security-context-constraints.yaml
@@ -0,0 +1,53 @@
+{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints" }}
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+ labels:
+ {{- include "kubeshark.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-install
+ {{- if .Values.tap.annotations }}
+ {{- toYaml .Values.tap.annotations | nindent 4 }}
+ {{- end }}
+ name: kubeshark-scc
+priority: 10
+allowPrivilegedContainer: true
+allowHostDirVolumePlugin: true
+allowHostNetwork: true
+allowHostPorts: true
+allowHostPID: true
+allowHostIPC: true
+readOnlyRootFilesystem: false
+requiredDropCapabilities:
+ - MKNOD
+allowedCapabilities:
+ - NET_RAW
+ - NET_ADMIN
+ - SYS_ADMIN
+ - SYS_PTRACE
+ - DAC_OVERRIDE
+ - SYS_RESOURCE
+ - CHECKPOINT_RESTORE
+ - SYS_MODULE
+runAsUser:
+ type: RunAsAny
+fsGroup:
+ type: MustRunAs
+seLinuxContext:
+ type: RunAsAny
+supplementalGroups:
+ type: RunAsAny
+seccompProfiles:
+- '*'
+volumes:
+ - configMap
+ - downwardAPI
+ - emptyDir
+ - persistentVolumeClaim
+ - secret
+ - hostPath
+ - projected
+ - ephemeral
+users:
+ - system:serviceaccount:{{ .Release.Namespace }}:kubeshark-service-account
+{{- end }}
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index a54cf5404..521961a88 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -6,7 +6,7 @@ tap:
 imagePullSecrets: []
 proxy:
 worker:
- srvPort: 8897
+ srvPort: 30001
 hub:
 port: 8898
 srvPort: 8898
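Review bot: The SCC is created through a `"helm.sh/hook": pre-install` annotation but carries no `helm.sh/hook-delete-policy` and no matching delete hook, so the object is not tracked as part of the release: `helm uninstall` leaves a cluster-scoped grant of `allowPrivilegedContainer`, `allowHostPID`, `SYS_MODULE` and `seccompProfiles: ['*']` to `kubeshark-service-account` in place, and a later install finds it already present. Add `"helm.sh/hook-delete-policy": before-hook-creation` next to the hook annotation, and consider either rendering the SCC as a regular chart resource or pairing it with a `pre-delete` hook so its removal follows the release. A short template comment above `allowedCapabilities` stating which component needs each broad grant would make the list reviewable, since `requiredDropCapabilities: [MKNOD]` only constrains pods admitted under this SCC that do not actually run privileged. The `seccompProfiles` list is the only flush-indented sequence in the file; indent it like the other sequences.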
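Review bot: The new default `srvPort: 30001` is not explained anywhere in the hunk; 30001 falls in the default Kubernetes NodePort range (30000–32767), so if this value is consumed as a `nodePort` or `hostPort` it is now subject to the cluster's `--service-node-port-range` and to collisions with other NodePort services in a way the old 8897 was not. A comment above the key stating what the worker binds this port to and why it moved, e.g. `# must lie within the cluster's NodePort range when exposed as a NodePort`, would make the default reviewable. The enclosing `tap:` mapping begins outside the hunk.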