How does SCC works on OpenShift

SCC (security context constraints) =================================== oc create deploy app1 --image=nginx oc get po Check what scc and serviceaccount is used oc get deploy app1 -o yaml | oc adm policy scc-subject-review -f - oc get deploy app1 -o yaml | grep -i serviceaccount Its mean the service account is using the scc not allowed to run pod. Now create a new sa. oc create sa app1-sa Allow service account to use the proper scc in namespace/project oc adm policy add-scc-to-user anyuid -z app1-sa -n projectname Above command will create a rolebinding in namespace Change the serviceaccount at runtime. oc set sa deploy app1 sa-name -n projectname Now dig down the created rolebinding and associated role. How does scc relate to deployment deployment -to- serviceaccount -to- clusterrolebinding (clusterrole + Serviceaccount) -to- scc openshift openshift 4.10 openshift red hat openshift admins openshift gitops openshift security openshift tutorial openshift pipelines openshift platform plus openshift (conference sponsor) red hat openshift container platform openshift security context constraints open source,open technology open hybrid cloud software development developer permission application development #openshift #redhat