July 2018
Intermediate to advanced
504 pages
11h 34m
English
Content preview from Learn OpenShift
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Security context constraints
Before we start, let's bring up MiniShift environment again:
$ minishift start --openshift-version 3.9.0 --vm-driver virtualbox...<output omitted>...
Another mechanism for controlling the behavior of pods is security context constraints (SCCs). These cluster-level resources define what resources can be accessed by pods and provide an additional level of control. By default, OpenShift supports seven SCCs:
$ oc login -u system:admin...<output omitted>...$ oc get sccanyuid ...hostaccess ...hostmount-anyuid ...hostnetwork ...nonroot ...privileged ...restricted ...
You may notice anyuid SCC we used in the subsection "Creating custom roles" to solve the problem with container's permissions.
By default, all pods, except ...