Custom SCCs being bound to OpenShift system pods in Red Hat OpenShift Container Platform 4.x
Issue
We are defining a lot of custom SCCs on our cluster to fulfill our different use cases.
Even though the different SCCs do not necessarily have higher priority values (some do, some don't), system pods are matched by the custom SCCs instead of being matched by the OpenShift default SCCs. In most cases, this is currently not creating issues, but we fear that this may have an impact in the future (such as with upgrades, etc.).
The matching happens due to OpenShift's prioritization rules and due to the fact that the cluster-admin role (which is used by many system pods) can use any SCC.
1. The highest priority SCCs are ordered first.
2. If the priorities are equal, the SCCs are sorted from most restrictive to least restrictive.
3. If both the priorities and restrictions are equal, the SCCs are sorted by name.
But this limits our use of SCCs. When we create a custom SCC, it is difficult to know if and why it will be applied to a system pod, and we might potentially only discover at a later point in time (after a system pod restart) that SCCs were actually applied to system pods.
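To make the ordering rules above and their effect on system pods visible, here is an added Python example (not from the Red Hat article). It sorts SCC objects the way the admission rules describe (priority descending, then most restrictive first, then name) and flags pods in system namespaces whose `openshift.io/scc` annotation names a non-default SCC. The restrictiveness score is a simplified stand-in for OpenShift's internal point values, and the SCC and pod records are constructed sample data.

```python
import json

# SCCs shipped with OCP 4; anything else is treated as a custom SCC.
DEFAULT_SCCS = {"anyuid", "hostaccess", "hostmount-anyuid", "hostnetwork",
                "node-exporter", "nonroot", "privileged", "restricted"}

def restrictiveness(scc):
    """Higher = less restrictive. Simplified stand-in (assumption) for the
    point system OpenShift uses; the ordering idea is the same."""
    score = 1000 if scc.get("allowPrivilegedContainer") else 0
    score += 100 * sum(bool(scc.get(k)) for k in
                       ("allowHostNetwork", "allowHostPorts", "allowHostPID", "allowHostIPC"))
    vols = scc.get("volumes") or []
    score += 50 if ("*" in vols or "hostPath" in vols) else 0
    run_as = (scc.get("runAsUser") or {}).get("type")
    score += {"RunAsAny": 40, "MustRunAsNonRoot": 30,
              "MustRunAsRange": 20, "MustRunAs": 10}.get(run_as, 0)
    score += 5 * len(scc.get("allowedCapabilities") or [])
    return score

def admission_order(sccs):
    """Order SCCs as admission does: highest priority first (nil counts as 0),
    then most restrictive first, then by name. For a pod whose service
    account (e.g. cluster-admin) can use every SCC, the first entry wins."""
    return sorted(sccs, key=lambda s: (-(s.get("priority") or 0),
                                       restrictiveness(s), s["metadata"]["name"]))

def pods_on_custom_sccs(pods):
    """Return (namespace, pod, scc) for system pods admitted by a non-default SCC."""
    hits = []
    for p in pods:
        ns = p["metadata"]["namespace"]
        scc = (p["metadata"].get("annotations") or {}).get("openshift.io/scc")
        if ns.startswith(("openshift-", "kube-")) and scc and scc not in DEFAULT_SCCS:
            hits.append((ns, p["metadata"]["name"], scc))
    return hits

# Constructed sample data: a custom SCC with the same priority as anyuid but a
# stricter runAsUser strategy sorts ahead of anyuid and therefore wins.
SAMPLE_SCCS = [
    {"metadata": {"name": "restricted"}, "runAsUser": {"type": "MustRunAsRange"}},
    {"metadata": {"name": "anyuid"}, "priority": 10, "runAsUser": {"type": "RunAsAny"}},
    {"metadata": {"name": "app-nonroot"}, "priority": 10, "runAsUser": {"type": "MustRunAsNonRoot"}},
]
SAMPLE_PODS = [
    {"metadata": {"namespace": "openshift-monitoring", "name": "prometheus-k8s-0",
                  "annotations": {"openshift.io/scc": "app-nonroot"}}},
    {"metadata": {"namespace": "openshift-dns", "name": "dns-default-abc",
                  "annotations": {"openshift.io/scc": "restricted"}}},
    {"metadata": {"namespace": "myapp", "name": "web-1",
                  "annotations": {"openshift.io/scc": "app-nonroot"}}},
]

if __name__ == "__main__":
    print([s["metadata"]["name"] for s in admission_order(SAMPLE_SCCS)])
    print(json.dumps(pods_on_custom_sccs(SAMPLE_PODS)))
```

On a real cluster, feed `admission_order` the `items` of `oc get scc -o json` and `pods_on_custom_sccs` the `items` of `oc get pods -A -o json` to see which custom SCCs system pods were actually admitted under.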
Environment
Red Hat OpenShift Container Platform 4