Custom SCC can break oauth if priority is 10 or higher

Solution Verified - Updated -

Issue

  • After creating a custom SCC with priority 10 or higher, authentication stays degraded during upgrades until custom scc is removed.
  • After creating a custom SCC with priority 10 or higher, whenever an oauth pod in openshift-authentication is deleted and a new one is spawned, the new pod stays in CreateContainerConfigError and won't start.

Environment

  • OpenShift Container Platform
    • 4.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content