Valid points, thank you. I'll reconsider my approach On Wed, Jun 20, 2018 at 9:17 AM, Vyacheslav Semushin <[email protected]> wrote:
> 2018-06-20 8:22 GMT+02:00 Daniel Comnea <[email protected]>: > >> Thanks Slava for reply. >> >> For everyone benefit (in case others come across the same issue) it was >> all down to my custom scc *priority* which was *null*. Once i set it to >> a value higher than 0 ( default 'restricted' scc has 0) then everything >> works as expected. >> > > If it's possible, it's better to modify a pod manifest to explicitly > request everything that it expects to have. If your custom SCC was beaten > by the "restricted" SCC, it means that for the system these SCCs were > recognized as covering everything a pod needs to have. If a pod needs > something that the "restricted" SCC doesn't provide, this pod should > request for it and "restricted" SCC won't be selected at all because it > doesn't fulfill the request. > > While an approach with priority field works, it could stop working when a > user will be granted access to yet another SCC with a higher priority (for > example, "anyuid"). > > HTH > > -- > Slava Semushin | OpenShift >
_______________________________________________ dev mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
