You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: modules/ROOT/pages/kubernetes/openshift.adoc
+8Lines changed: 8 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -43,3 +43,11 @@ spec:
43
43
- name: WATCH_NAMESPACE
44
44
value: kafka-namespace
45
45
----
46
+
47
+
== Security context constraints
48
+
49
+
Starting with the release version `24.7.0`, all products run with the `nonroot-v2` security context constraints (SCC) on OpenShift. This security context is used by the product's cluster role.
50
+
51
+
Operators (with two exceptions) don't request a specific SCC to run with. Usually OpenShift will select the `restricted` or `restricted-v2` SCC unless the cluster admins have specifically assigned a different one to the namespace where the operators are running.
52
+
The two exceptions are the secret and the listener operators. These need additional permissions not available in the `restricted` SCCs to propagate volume mounts to the requesting pods.
0 commit comments