Custom security context constraints for services
IBM Security Guardium Insights services use the restricted security context constraint (SCC) that is provided by Red Hat® OpenShift® Container Platform. However, if you plan to install certain IBM Security Guardium Insights services, you might need to use some custom SCCs.
Security Context Constraints requirements
Red Hat OpenShift provides a set of predefined SCCs that control the actions that a pod can perform and what it can access. These SCCs can be used, modified, or extended by any administrator. By default, the execution of any container is granted access to the restricted SCC and only the capabilities that are defined by that SCC.
The restricted SCC is namespace-scoped and not cluster-scoped. The predefined security context constraint named 'restricted' that comes preinstalled with Red Hat OpenShift is verified for the GI operator.
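To confirm which SCC each pod was actually admitted under, the following added example (not part of the IBM documentation) reads the `openshift.io/scc` annotation that OpenShift sets on admitted pods and reports every pod that is not running under the restricted SCC. The pod names, the namespace and the function name `audit_pod_sccs` are hypothetical, and the embedded pod list is constructed sample data in the shape of `oc get pods -o json` output.

```python
import json

# Constructed sample: trimmed output of `oc get pods -n <namespace> -o json`.
# Pod names and the namespace are hypothetical placeholders.
SAMPLE_POD_LIST = json.dumps({
    "kind": "List",
    "items": [
        {"metadata": {"name": "svc-a-0", "namespace": "gi-example",
                      "annotations": {"openshift.io/scc": "restricted"}}},
        {"metadata": {"name": "svc-b-0", "namespace": "gi-example",
                      "annotations": {"openshift.io/scc": "anyuid"}}},
        # No annotations at all: the admitting SCC cannot be determined.
        {"metadata": {"name": "svc-c-0", "namespace": "gi-example"}},
    ],
})


def audit_pod_sccs(pod_list_json, allowed=("restricted",)):
    """Return (namespace, pod, scc) for each pod not admitted under an allowed SCC.

    scc is None when the pod carries no openshift.io/scc annotation; such pods
    are reported too, because their SCC cannot be confirmed from the pod object.
    Pass the SCC names that your installation is expected to use in `allowed`,
    for example the restricted SCC plus any custom SCC you created on purpose.
    """
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta = pod.get("metadata", {})
        scc = (meta.get("annotations") or {}).get("openshift.io/scc")
        if scc not in allowed:
            findings.append((meta.get("namespace"), meta.get("name"), scc))
    return findings


if __name__ == "__main__":
    for ns, name, scc in audit_pod_sccs(SAMPLE_POD_LIST):
        print(f"{ns}/{name}: admitted under {scc or 'unknown (no annotation)'}")
```

On a live cluster, feed the function the JSON from `oc get pods -n <namespace> -o json` in place of the sample.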