
Using Custom SCC and Service Account in Deployment

Hi all,

I'm trying to allow Docker containers to be run in OpenShift using the user specified in the Dockerfile itself, without using a random user id. I see that it's possible to do this using the command [1], where all authenticated users will be added to the anyuid group. Without doing this for all users, can I do it for one specific user? I tried the following:
  1. Create a service account in default project using command [2]
  2. Add the service account to the anyuid scc using command [3]
  3. Referred to this service account name in the Deployment definition as shown in the sample [4]

However, still the container seems to start with a random user id. Is this approach incorrect? What is the link between service account and the user we set in the Docker images (with USER keyword)?

[1]. oc adm policy add-scc-to-group anyuid system:authenticated

[2]. oc create serviceaccount mysvcacct

[3]. oc adm policy add-scc-to-user anyuid system:serviceaccount:mysvcacct

[4]. https://blog.openshift.com/understanding-service-accounts-sccs/

Thanks and Regards,
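
The subject names used in commands [1] and [3], as an added example that is not part of the original post: a simplified Python model (not OpenShift's admission code) that resolves the service account identity of a Deployment's pods and checks whether an SCC's users or groups list covers it. The SCC and Deployment dictionaries are constructed sample data and the function names are hypothetical.

```python
import re

# Service account user names have the shape system:serviceaccount:<namespace>:<name>.
SA_USER = re.compile(r"^system:serviceaccount:([a-z0-9-]+):([a-z0-9.-]+)$")

def pod_identity(deployment):
    """Return (user, groups) for the service account a Deployment's pods run as."""
    # Assumption: a manifest without a namespace is applied to the "default" project.
    ns = deployment["metadata"].get("namespace", "default")
    # Pods that set no serviceAccountName run as the namespace's "default" account.
    sa = deployment["spec"]["template"]["spec"].get("serviceAccountName", "default")
    user = f"system:serviceaccount:{ns}:{sa}"
    groups = {"system:serviceaccounts", f"system:serviceaccounts:{ns}",
              "system:authenticated"}
    return user, groups

def check_grant(scc, deployment):
    """Simplified model: how (if at all) the SCC reaches the pods' service account."""
    user, groups = pod_identity(deployment)
    findings = []
    for subject in scc.get("users", []):
        if subject.startswith("system:serviceaccount:") and not SA_USER.match(subject):
            findings.append(f"malformed subject (namespace missing?): {subject}")
    if user in scc.get("users", []):
        return "user", findings
    matched = groups & set(scc.get("groups", []))
    if matched:
        # Least-privilege finding: access comes from a group, not a named account.
        findings.append(f"granted through broad group(s): {sorted(matched)}")
        return "group", findings
    return None, findings

# Constructed sample data, not taken from a real cluster.
DEPLOYMENT = {"metadata": {"name": "app", "namespace": "default"},
              "spec": {"template": {"spec": {"serviceAccountName": "mysvcacct"}}}}
SCC_AS_IN_POST = {"metadata": {"name": "anyuid"},
                  "users": ["system:serviceaccount:mysvcacct"], "groups": []}
SCC_WITH_NAMESPACE = {"metadata": {"name": "anyuid"},
                      "users": ["system:serviceaccount:default:mysvcacct"], "groups": []}
SCC_GROUP_WIDE = {"metadata": {"name": "anyuid"},
                  "users": [], "groups": ["system:authenticated"]}

if __name__ == "__main__":
    for scc in (SCC_AS_IN_POST, SCC_WITH_NAMESPACE, SCC_GROUP_WIDE):
        print(check_grant(scc, DEPLOYMENT))
```

On the command line, `oc adm policy add-scc-to-user anyuid -z mysvcacct -n default` expands the service account name to the full `system:serviceaccount:default:mysvcacct` form.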
