[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Custom SCC assigned to wrong pods

Valid points, thank you. I'll reconsider my approach

On Wed, Jun 20, 2018 at 9:17 AM, Vyacheslav Semushin <vsemushi redhat com> wrote:
2018-06-20 8:22 GMT+02:00 Daniel Comnea <comnea dani gmail com>:
Thanks Slava for reply.

For everyone benefit (in case others come across the same issue) it was all down to my custom scc priority which was null. Once i set it to a value higher than 0 ( default 'restricted' scc has 0) then everything works as expected.

If it's possible, it's better to modify a pod manifest to explicitly request everything that it expects to have. If your custom SCC was beaten by the "restricted" SCC, it means that for the system these SCCs were recognized as covering everything a pod needs to have. If a pod needs something that the "restricted" SCC doesn't provide, this pod should request for it and "restricted" SCC won't be selected at all because it doesn't fulfill the request.

While an approach with priority field works, it could stop working when a user will be granted access to yet another SCC with a higher priority (for example, "anyuid").


Slava Semushin | OpenShift

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]