OpenShift SCC for Pod Does Not Get Updated


I am using OpenShift 4.8.41, and I tried to provide my simple Deployment (using the default SA) with a non-default SCC.

I kept trying various ways to update the SCC, as per the docs, e.g.:

oc adm policy add-scc-to-user <myscc> -z default
oc adm policy add-scc-to-user <myscc> system:serviceaccount:default:default
oc adm policy add-scc-to-group <myscc> system:serviceaccounts:default

But the pod kept having the wrong SCC annotation: openshift.io/scc: restricted

How can I update my Deployment or policies to allow my deployment pods to pick up the right SCC?

1

There are 1 best solutions below

0
chaooder On

Not sure what would be the best solution to this, but I resolved this issue eventually by adding the capability manually to the deployment and then doing a rollout restart of the deployment.

...
securityContext:
  capabilities:
    add:
    - NET_BIND_SERVICE
...

Thereafter, this capability was added, and the pods weirdly came out with the correct openshift.io/scc: <myscc> annotation.
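The behaviour in the question and in this answer follows from how SCC admission chooses among the SCCs a service account may use: candidates are tried in order of priority, then from most to least restrictive, then by name, and the first one that validates the pod is recorded in the annotation. The sketch below is an added example, not code from the post or from OpenShift; it is a simplified model in which `myscc` stands in for `<myscc>`, its allowed capability is an assumption, and restrictiveness is approximated by the number of capabilities an SCC allows.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SCC:
    name: str
    allowed_caps: frozenset = frozenset()  # capabilities a pod may add
    priority: int = 0                      # an unset priority counts as 0


def admit(requested_caps, usable_sccs):
    """Return the SCC name that would land in openshift.io/scc, or None.

    usable_sccs: SCCs the pod's service account has been granted.
    Ordering: higher priority first, then the more restrictive SCC
    (approximated here by fewer allowed capabilities), then name.
    """
    ordered = sorted(
        usable_sccs,
        key=lambda s: (-s.priority, len(s.allowed_caps), s.name),
    )
    for scc in ordered:
        # The pod validates only if every capability it adds is allowed.
        if set(requested_caps) <= scc.allowed_caps:
            return scc.name
    return None  # no usable SCC admits the pod: creation is rejected


# Constructed stand-ins: the built-in restricted SCC allows no added
# capabilities; the custom SCC is assumed to allow NET_BIND_SERVICE.
RESTRICTED = SCC("restricted")
MYSCC = SCC("myscc", frozenset({"NET_BIND_SERVICE"}))

if __name__ == "__main__":
    # Question: access granted, but the pod asks for nothing extra.
    print(admit([], [RESTRICTED, MYSCC]))                    # restricted
    # Answer: the pod now needs something restricted cannot give.
    print(admit(["NET_BIND_SERVICE"], [RESTRICTED, MYSCC]))  # myscc
    # A higher priority on the custom SCC also moves it to the front.
    print(admit([], [RESTRICTED, SCC("myscc", MYSCC.allowed_caps, 10)]))
```

Granting an SCC with `oc adm policy add-scc-to-user` only adds it to the candidate list; a pod that already validates against `restricted` keeps that annotation until its spec requests something `restricted` does not allow or the custom SCC is given a higher priority.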