SCC restricted-v2
Configuration
| priority | — |
| allowPrivilegedContainer | False |
| allowPrivilegeEscalation | False |
| allowHostNetwork | False |
| allowHostPID | False |
| allowHostIPC | False |
| readOnlyRootFilesystem | |
| runAsUser.type | MustRunAsRange |
Granted to
Users (0)
none
Groups (1)
- system:authenticated
Pods admitted under this SCC (1)
Expandable summaries below show namespaces, images, and every pod admitted with this SCC. Click a summary row to open the table.
By namespace (1)
| Namespace | Pods |
|---|---|
| openshift-authentication | 1 |
By image (1)
| Image | Registry | Containers |
|---|---|---|
| quay.io/openshift-release-dev/ocp-release@sha256:fake | quay.io | 1 |
All admitted pods (1)
| ServiceAccount | Pod | Namespace | Phase | Owner | Created |
|---|---|---|---|---|---|
| default | oauth-server | openshift-authentication | Running | 1y |
Subjects that can use this SCC (1 of 6)
Direct SCC grants and RBAC use grants. Ghost ServiceAccounts
here are potential admissions: recreating the same SA name reactivates
the SCC grant.
| Subject | Created | State | Granted via | Scope / note |
|---|---|---|---|---|
| User alice | 1y | user present |
ClusterRoleBinding/platform-admins-cluster-admin (via platform-admins)
(RBAC use grant)
role cluster-admin
|
can use this SCC now if authenticated |