OpenShift Security Context Constraints: Difference between revisions

From NovaOrdis Knowledge Base
Line 13: Line 13:
=Overview=
=Overview=


OpenShift uses Security Context Constraints (SCCs) to control the actions that a pod, and ultimately, a container, can perform and what it has the ability to access.
OpenShift uses Security Context Constraints (SCCs) to control the actions that a pod, and ultimately, a container, can perform and what resources it has the ability to access, security features, access to host features, etc.
 
A ''Security Context Constraint (SCC)'' is an OpenShift primitive that defines capability declarations used by the [[#Access_Controller|access controller]] to validate pod-related requests. The capabilities are expressed as booleans, lists and [[#Strategy|strategies]]. The boolean fields default to the most restrictive values. Values of a list field are checked agains the set to ensure the value is allowed.
 
=Strategy=
 
A ''strategy'' implies a mechanism to generate the value and a mechanism to insure that a specified value falls into a set of allowable values.
 
 
 
 
=Access Controller=
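Review bot: the replacement Overview sentence tacks "security features, access to host features, etc." onto "what resources it has the ability to access" with no governing verb, so it is unclear whether these are things the SCC controls or things the pod accesses; restructure the sentence as an explicit list. In the added paragraphs, "agains" should be "against" and "insure" should be "ensure". The new =Strategy= section names no strategy types, and =Access Controller= is added with no body even though the SCC definition links to it via [[#Access_Controller|access controller]]; fill both in or mark them as stubs.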

Revision as of 19:38, 23 January 2018

External

Internal

Overview

OpenShift uses Security Context Constraints (SCCs) to control the actions that a pod, and ultimately a container, can perform and what it has the ability to access: resources, security features, host features, etc.

A Security Context Constraint (SCC) is an OpenShift primitive that defines capability declarations used by the access controller to validate pod-related requests. The capabilities are expressed as booleans, lists and strategies. The boolean fields default to the most restrictive values. Values of a list field are checked against the set to ensure the value is allowed.

Strategy

A strategy implies a mechanism to generate a value and a mechanism to ensure that a specified value falls into a set of allowable values.
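The three kinds of capability declaration described above (boolean, list, strategy) can be modelled in a few lines. This is an added example, not OpenShift's code: a simplified Python model whose field names are patterned on the SCC fields allowPrivilegedContainer, allowedCapabilities and runAsUser, with a constructed UID range and constructed pod requests.

```python
# Simplified model of SCC-style validation (illustrative; not OpenShift source).
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class UidRangeStrategy:
    """Range-style strategy: generates a default UID and validates a requested one."""
    uid_min: int
    uid_max: int

    def generate(self) -> int:
        # Used when the pod does not request a UID: take the start of the range.
        return self.uid_min

    def validate(self, uid: int) -> bool:
        return self.uid_min <= uid <= self.uid_max


@dataclass
class Scc:
    # Boolean field: defaults to the most restrictive value.
    allow_privileged_container: bool = False
    # List field: every requested value must be a member of this set.
    allowed_capabilities: List[str] = field(default_factory=list)
    # Strategy field: generates or validates the UID (range below is constructed).
    run_as_user: UidRangeStrategy = field(
        default_factory=lambda: UidRangeStrategy(1000610000, 1000619999))


def admit(scc: Scc, privileged: bool = False, capabilities=(), uid: Optional[int] = None):
    """Return (allowed, effective_uid, reasons) for a constructed pod request."""
    reasons = []
    if privileged and not scc.allow_privileged_container:
        reasons.append("privileged containers are not allowed")
    for cap in capabilities:
        if cap not in scc.allowed_capabilities:
            reasons.append(f"capability {cap} is not in the allowed list")
    if uid is None:
        uid = scc.run_as_user.generate()      # strategy generates the value
    elif not scc.run_as_user.validate(uid):   # strategy validates the value
        reasons.append(f"uid {uid} is outside the allowed range")
    return (not reasons, uid if not reasons else None, reasons)


if __name__ == "__main__":
    restricted = Scc(allowed_capabilities=["NET_BIND_SERVICE"])
    print(admit(restricted))                                      # UID generated
    print(admit(restricted, uid=0, capabilities=["SYS_ADMIN"]))   # two rejections
```
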



Access Controller