OpenShift version: 3.10
OpenShift ships with 7 SCCs by default, but they may not meet your requirements, so it is better to create a new dedicated one for non-root deployments.
To get a basic understanding of SCC, see my blog post <<OpenShift Security Context Constraint>>.
List the 7 existing default SCCs:

    oc get scc

Don’t forget to examine each SCC, for example with oc describe scc privileged.
SCC Yaml Demo
How do you write the SCC YAML, and what does each field mean? OpenShift SCC official
Create a file named scc-customized.yaml and carefully fill in the values to meet your requirements:

    kind: SecurityContextConstraints

Then create the SCC from the file:

    oc create -f scc-customized.yaml

Then, for example, you can bind the default service account to this SCC:

    oc adm policy add-scc-to-user scc-customized system:serviceaccount:<project>:default

A default service account is used by all other pods unless they specify a different service account.
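
A complete scc-customized.yaml for the non-root case described above, given as an added example and not the author's original file. The field values are assumptions modelled on a locked-down non-root policy; adjust them to what your workload actually needs.

```yaml
# Added example (constructed): a dedicated SCC for non-root deployments.
kind: SecurityContextConstraints
apiVersion: v1
metadata:
  name: scc-customized
# Deny privileged mode and every form of host access.
allowPrivilegedContainer: false
allowHostDirVolumePlugin: false
allowHostNetwork: false
allowHostPorts: false
allowHostPID: false
allowHostIPC: false
# Capabilities a non-root workload rarely needs; containers must drop them.
requiredDropCapabilities:
- KILL
- MKNOD
- SETUID
- SETGID
# Reject UID 0. The image needs a numeric non-zero USER, or the pod spec
# must set runAsUser, otherwise the container fails the non-root check.
runAsUser:
  type: MustRunAsNonRoot
# SELinux level is taken from the project's annotations when not specified.
seLinuxContext:
  type: MustRunAs
fsGroup:
  type: RunAsAny
supplementalGroups:
  type: RunAsAny
# Only volume types that do not expose the node's filesystem.
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
# Left empty on purpose: oc adm policy add-scc-to-user fills this list.
users: []
groups: []
```

After oc create, oc describe scc scc-customized shows the resulting settings, and a pod admitted under this SCC carries the annotation openshift.io/scc: scc-customized.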