openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
2d159c8e25aa38e0ef37cae24566cd515df9a654
openshift-docs/authentication/managing-security-context-constraints.adoc
Andrea Hoffer 22ecbb3d18 OSDOCS#17381: Adding blank lines after includes
2025-11-20 17:24:32 +00:00

60 lines
2.7 KiB
Plaintext
Raw Blame History

:_mod-docs-content-type: ASSEMBLY
[id="managing-pod-security-policies"]
= Managing security context constraints
include::_attributes/common-attributes.adoc[]
:context: configuring-internal-oauth
toc::[]
In {product-title}, you can use security context constraints (SCCs) to control permissions for the pods in your cluster.
Default SCCs are created during installation and when you install some Operators or other components. As a cluster administrator, you can also create your own SCCs by using the OpenShift CLI (`oc`).
[IMPORTANT]
====
Do not modify the default SCCs. Customizing the default SCCs can lead to issues when some of the platform pods deploy or
ifndef::openshift-rosa,openshift-rosa-hcp[]
{product-title}
endif::[]
ifdef::openshift-rosa,openshift-rosa-hcp[]
ROSA
endif::openshift-rosa,openshift-rosa-hcp[]
is upgraded. Additionally, the default SCC values are reset to the defaults during some cluster upgrades, which discards all customizations to those SCCs.
ifdef::openshift-origin,openshift-enterprise,openshift-webscale,openshift-dedicated,openshift-rosa,openshift-rosa-hcp[]
Instead of modifying the default SCCs, create and modify your own SCCs as needed. For detailed steps, see xref:../authentication/managing-security-context-constraints.adoc#security-context-constraints-creating_configuring-internal-oauth[Creating security context constraints].
endif::[]
====
ifdef::openshift-dedicated[]
[NOTE]
====
In {product-title} deployments, you can create your own SCCs only for clusters that use the Customer Cloud Subscription (CCS) model. You cannot create SCCs for {product-title} clusters that use a Red Hat cloud account, because SCC resource creation requires `cluster-admin` privileges.
====
endif::openshift-dedicated[]
include::modules/security-context-constraints-about.adoc[leveloffset=+1]
include::modules/security-context-constraints-pre-allocated-values.adoc[leveloffset=+1]
include::modules/security-context-constraints-example.adoc[leveloffset=+1]
include::modules/security-context-constraints-creating.adoc[leveloffset=+1]
// Configuring a workload to require a specific SCC
include::modules/security-context-constraints-requiring.adoc[leveloffset=+1]
include::modules/security-context-constraints-rbac.adoc[leveloffset=+1]
include::modules/security-context-constraints-command-reference.adoc[leveloffset=+1]
[role="_additional-resources"]
[id="additional-resources_configuring-internal-oauth"]
== Additional resources
ifndef::openshift-rosa-hcp[]
* xref:../support/getting-support.adoc#getting-support[Getting support]
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa-hcp[]
* xref:../support/getting-support.adoc#getting-support[Getting support]
endif::openshift-rosa-hcp[]
View Git Blame Copy Permalink