Applying Security Context Constraints
Security Context Constraints (SCC's) must be applied in order to run privileged or setuid containers on OpenShift, which is a distinct requirement over that of vanilla Kubernetes.
Adding an SCC to the Operator Metadata
SCC's must be applied to the service account which will run the application/operand pods that get managed by the operator. This is done by editing the CSV yaml file from the metadata bundle of your community operator.
Below is an example SCC applied to a named service account in a hypothetical CSV yaml file:
Managing SCCs for Multiple Service Accounts
It's worth noting that the clusterPermissions
field is an array, so you can list multiple service accounts with a corresponding SCC (or SCCs) applied to each service account. See the below example:
Last updated
Was this helpful?