Ensure that you enable the restricted security context constraint or anyuid security
context constraint for the service account that is used for deployment of IBM® Sterling Intelligent
Promising on Red Hat®
OpenShift® Container
Platform. If you use restricted security context constraint,
the UID range in the namespace must be within the specified range that is
1000/100
.
Procedure
- Run the following command to enable the security context constraint.
oc adm policy add-scc-to-user <name_of_SCC> -z <service_account_name> -n <namespace>
The value for <name_of_SCC> can be a restricted security context constraint
or anyuid security context constraint. Use the restricted security context constraint.
- If you use the restricted security context constraint, ensure that the UID
range in the namespace is within the specified range that is
1000/100
.
To change the range for a namespace, use either command-line interface or Red Hat
OpenShift Container
Platform.
In the Red Hat
OpenShift Container
Platform console, complete the following steps.
- From the side navigation menu, go to
.
- Go to Resources tab and search for a namespace.
- From the search results, select the namespace that you want to change the range of.
- Go to the YAML tab and update the following two annotations to change the
user range in that namespace.
openshift.io/sa.scc.supplemental-groups: 1000/100
openshift.io/sa.scc.uid-range: 1000/100
Alternatively, use the command-line tool,
oc
, and run the following
command.
oc annotate namespace <sip_namespace> openshift.io/sa.scc.supplemental-groups=1000/100 --overwrite=true
oc annotate namespace <sip_namespace> openshift.io/sa.scc.uid-range=1000/100 --overwrite=true