By making your SCC available to all authenticated users, it gets added to the set considered for every pod run by every service account:If you want to limit it to just your foo-sa service account, you should remove the system:authenticated group from the SCC
- system:serviceaccount:foo:foo- sa
groups: On Wed, May 23, 2018 at 5:54 PM, Daniel Comnea <comnea dani gmail com> wrote:______________________________DaniCheers,Now the odd thing which i cannot explain is why glusterFS pods  which doesn't reference the new created serviceAccountName  do have the new custom scc being used ...is that normal or is a bug?Hi,I'm running Origin 3.7.0 and i've created a custom SCC  which is being referenced by different Deployments objects using serviceAccountName: foo-scc-restricted.
7/6b7a15ed8de87951cee6d038646e 0918#file-glusterfs- deployment-yml-L65
7/6b7a15ed8de87951cee6d038646e 0918#file-glusterfs- deployment-yml-L11 _________________
dev mailing list
dev lists openshift redhat com