
Re: Custom SCC assigned to wrong pods



I see the rationale, thank you for the quick response and knowledge.

On Wed, May 23, 2018 at 10:59 PM, Jordan Liggitt <jliggitt redhat com> wrote:
By making your SCC available to all authenticated users, it gets added to the set considered for every pod run by every service account:

users:
- system:serviceaccount:foo:foo-sa
groups:
- system:authenticated


If you want to limit it to just your foo-sa service account, you should remove the system:authenticated group from the SCC.



On Wed, May 23, 2018 at 5:54 PM, Daniel Comnea <comnea dani gmail com> wrote:
Hi,

I'm running Origin 3.7.0 and I've created a custom SCC [1] which is being referenced by different Deployment objects using serviceAccountName: foo-scc-restricted.

Now the odd thing which I cannot explain is why glusterFS pods [2], which don't reference the newly created serviceAccountName [3], do have the new custom SCC being used [4]... is that normal or is it a bug?



Cheers,
Dani

[1] https://gist.github.com/DanyC97/56070e3f1523e31c1ad96980df6d7fe5
[2] https://gist.github.com/DanyC97/6b7a15ed8de87951cee6d038646e0918
[3] https://gist.github.com/DanyC97/6b7a15ed8de87951cee6d038646e0918#file-glusterfs-deployment-yml-L65
[4] https://gist.github.com/DanyC97/6b7a15ed8de87951cee6d038646e0918#file-glusterfs-deployment-yml-L11

_______________________________________________
dev mailing list
dev lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
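
Added example, not part of the original thread or of OpenShift's own code: a small audit that takes SCC definitions in the shape of `oc get scc -o json` output and reports which SCCs match a given service account through the users/groups fields, and which are granted to cluster-wide groups such as system:authenticated. The SCC names, the glusterfs/default service account and the sample data are constructed; it assumes access is granted only through the users and groups fields.

```python
import json

# Constructed sample in the shape of `oc get scc -o json` output (names are made up).
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "custom-scc"},
   "users": ["system:serviceaccount:foo:foo-sa"],
   "groups": ["system:authenticated"]},
  {"metadata": {"name": "custom-scc-fixed"},
   "users": ["system:serviceaccount:foo:foo-sa"],
   "groups": []},
  {"metadata": {"name": "privileged"},
   "users": ["system:admin"],
   "groups": ["system:cluster-admins"]}
]}
""")

# Groups that cover every (or nearly every) identity on the cluster.
BROAD_GROUPS = {"system:authenticated", "system:serviceaccounts"}


def sa_identity(namespace, name):
    """User name and implicit groups a service account token carries."""
    user = f"system:serviceaccount:{namespace}:{name}"
    groups = {"system:authenticated", "system:serviceaccounts",
              f"system:serviceaccounts:{namespace}"}
    return user, groups


def sccs_considered_for(scc_list, namespace, name):
    """Names of SCCs whose users/groups fields match the service account."""
    user, groups = sa_identity(namespace, name)
    return sorted(
        scc["metadata"]["name"] for scc in scc_list["items"]
        if user in (scc.get("users") or [])
        or groups & set(scc.get("groups") or [])
    )


def broadly_granted(scc_list):
    """Map SCC name -> broad groups it is granted to."""
    hits = {}
    for scc in scc_list["items"]:
        found = BROAD_GROUPS & set(scc.get("groups") or [])
        if found:
            hits[scc["metadata"]["name"]] = sorted(found)
    return hits


if __name__ == "__main__":
    print(sccs_considered_for(SAMPLE, "glusterfs", "default"))
    print(broadly_granted(SAMPLE))
```

With the system:authenticated group present, the constructed glusterfs service account matches custom-scc even though it is not listed under users; the variant without that group matches only foo-sa.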



