6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"OpenShift: Add SCC to Service Account in Yaml\",\"text\":\"

Is there an equivalent for the following command in yaml? Using OpenShift 4.2 currently

\\n\\n

oc adm policy add-scc-to-user <scc_name> <user_name>\\n

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Jeff Saremi\"},\"upvoteCount\":1,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

There's example of SCC.\\nYou have to add element to 'users' list, so you can export the SCC and re-apply modifyed object.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Oligzeev\"},\"upvoteCount\":1}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","openshift",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/openshift/1","children":"openshift"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/7bc0bf9540b1944d4acef4fed8a01659?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"Jeff Saremi","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/5669031/jeff-saremi","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Jeff Saremi"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",3014]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"OpenShift: Add SCC to Service Account in Yaml"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

Is there an equivalent for the following command in yaml? Using OpenShift 4.2 currently

\n\n

oc adm policy add-scc-to-user <scc_name> <user_name>\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",1]}],["$","p",null,{"children":["Views: ",1987]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","79159974",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/PlFCE.png?s=256","alt":"Gas","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/3701228/gas","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Gas"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",18030]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

This command creates rol ebinding (if you omit namespace it creates cluster role binding) :

$ oc adm policy add-scc-to-user anyuid -z default -n your-namespace\nclusterrole.rbac.authorization.k8s.io/system:openshift:scc:anyuid added: "default"\n

You can do this by using the similar yaml
\n(this one is for default serviceAccount and anyuid scc, but should be similar for others):

kind: RoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  name: 'system:openshift:scc:anyuid'\n  namespace: <your-namespace>\nsubjects:\n  - kind: ServiceAccount\n    name: default\n    namespace: <your-namespace>\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: 'system:openshift:scc:anyuid'\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}],["$","div","60177804",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://lh3.googleusercontent.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/photo.jpg?sz=256","alt":"Oligzeev","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/10646123/oligzeev","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Oligzeev"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",511]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

There's example of SCC.\nYou have to add element to 'users' list, so you can export the SCC and re-apply modifyed object.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","54431595",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/54431595","className":"text-blue-600 hover:underline","children":"OpenShift - List serviceaccounts with privileged scc"}]}],["$","li","70361989",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/70361989","className":"text-blue-600 hover:underline","children":"how to use custom SCC in Kubernetes / openShift"}]}],["$","li","51657711",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/51657711","className":"text-blue-600 hover:underline","children":"openshift: allow serviceaccount to create project"}]}],["$","li","42310262",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/42310262","className":"text-blue-600 hover:underline","children":"Openshift: how to edit scc non-interactively?"}]}],["$","li","55018385",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/55018385","className":"text-blue-600 hover:underline","children":"How to find out to which 'user' I should add 'scc'?"}]}],["$","li","54382111",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/54382111","className":"text-blue-600 hover:underline","children":"declaratively mount a service account secret in OpenShift"}]}],["$","li","51727786",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/51727786","className":"text-blue-600 hover:underline","children":"Openshift: How to create a scc with SYS_LOCK capability"}]}],["$","li","51365193",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/51365193","className":"text-blue-600 hover:underline","children":"Openshift/kubernetes: map serviceaccount secret to an environment variable"}]}],["$","li","48646617",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/48646617","className":"text-blue-600 hover:underline","children":"Openshift - Applying RunOnlyAs SCC to pods within a deployment"}]}],["$","li","46367848",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/46367848","className":"text-blue-600 hover:underline","children":"Kubernetes service account custom token"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

OpenShift: Add SCC to Service Account in Yaml

Answers (2)

Related Questions