Security Context Constraints (3)
Admission attribution computed from the openshift.io/scc annotation on each running pod. Sorted newest first by creationTimestamp.
| SCC | Priority | Privileged | HostNet | HostPID | HostIPC | RunAsUser | Pods admitted | Absent SA grants | Created |
|---|---|---|---|---|---|---|---|---|---|
| anyuid | 10 | no | no | no | no | RunAsAny | 3 | 1 absent | 1y |
| privileged priv | 10 | yes | yes | yes | yes | RunAsAny | 1 | 1 absent | 1y |
| restricted-v2 | — | no | no | no | no | MustRunAsRange | 1 | 0 | 1y |
An absent SA grant is an entry in scc.users of the form system:serviceaccount:<ns>:<name> whose ServiceAccount object is gone. SCC admission still matches the name string the moment the SA is recreated.