Custom security context constraints for services

IBM Security Guardium Insights services use the restricted security context constraint (SCC) that is provided by Red Hat® OpenShift® Container Platform. However, if you plan to install certain IBM Security Guardium Insights services, you might need to use some custom SCCs.

Security Context Constraints requirements that use Red Hat OpenShift provide a set of predefined SCCs that control the actions that a pod can perform and what it can access. These SCCs can be used, modified, or extended by any administrator. By default, the execution of any container is granted access to the restricted SCC and only the capabilities that are defined by that SCC. restricted SCC is namespace-scoped and not cluster-scoped. The predefined security context constraints named 'restricted' that comes preinstalled with Red Hat OpenShift are verified for the GI operator.