Fixing PodSecurity Admission warnings for deployments

Issue

Why I am receiving warnings related to Pod Security even though the deployment is running with restricted-v2 SCC?

$ oc  create deployment hello-node --image=k8s.gcr.io/e2e-test-images/agnhost:2.33 -- /agnhost serve-hostname
Warning: would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "agnhost" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "agnhost" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "agnhost" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "agnhost" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
deployment.apps/hello-node created

$ oc describe pod hello-node-855787d74c-h99pg | grep scc
             openshift.io/scc: restricted-v2

Such warnings could be seen for pods running inside openshift-operators namespace as well.

Environment

Red Hat OpenShift Container Platform 4.11+

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Select Your Language

Fixing PodSecurity Admission warnings for deployments

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links