Add SCC to the Service Account in OCP #51
Comments
Upon further investigation it was discovered that the SCC couldn't be created due to being a cluster-scoped resource. As such, it couldn't have a namespaced resource as owner. Until a more suitable alternative is found, the user will need to apply a valid SCC to the service account being used by the operator when using the community Nexus image. When using the Red Hat certified image this is no longer necessary after #81 as it sets the container user/group to one in the range defined by the
Re-opening as we'll be able to create the SCC after #161
Having the operator's Service Account using a restrictive SCC would improve the operator's security.
I have an initial implementation of this that is failing to build due to some dependency issues. The libraries we're using seem to be somewhat incompatible as they are now; let's keep a close watch to continue this as soon as possible.
At the moment the cluster admin must add an SCC to the Service Account in order to be able to start pods correctly in OCP 3.x (#41), and if this was implemented it wouldn't be necessary.