|What is documented in that blog does work.|
oc adm policy add-scc-to-user anyuid system:serviceaccount:mysvcacct
oc adm policy add-scc-to-user anyuid -z mysvcacct
as the blog explains, and make sure you are in the correct project in case when you switched to admin you weren't, or add '-n yourprojectname' option to commands.
The form of what you ran is:
oc adm policy add-scc-to-user <scc_name> \
If you only have three parts to colon separate argument, it is interpreted as:
oc adm policy add-scc-to-group <scc_name> \
So you aren't strictly adding it to just the service account, but to all service accounts in namespace. That should have yielded same result, but maybe not and definitely probably not want you wanted, especially if you ran it in the wrong project.
I'm trying to allow Docker containers to be run in openshift using the user specified in the Dockerfile itself, without using a random user id. I see that its possible to do this using the command , where all authenticated users will be added to the anyuid group. Without doing this for all users, can I do it for one specific user? I tried the following:
- Create a service account in default project using command 
- Add the service account to the anyuid scc using command 
- Referred this service account name in the Deployment definition as shown in the sample 
However, still the container seems to start with a random user id. Is this approach incorrect? What is the link between service account and the user we set in the Docker images (with USER keyword)?
. oc adm policy add-scc-to-group anyuid system:authenticated
users mailing listusers lists openshift redhat com