How to find the SCC associated with a service account? kubectl describe doesn't report anything. Thanks!
What do you mean by an "scc"? This is not a thing as far as I know. Could you define it please? What does "scc" stand for?
Thanks @rob_kodekloud. SCC means security context constraint.
Example of pod definition file:
```yaml
spec:
  containers:
  - command:
    - sh
    - -c
    - echo "Hello from user $(id -u)" && sleep infinity
    image: ubi8/ubi-minimal
    imagePullPolicy: Always
    name: ubi-minimal
    resources: {}
    securityContext:
      runAsGroup: 5678
      runAsNonRoot: true
      runAsUser: 1234
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/opt/app/data
      name: data
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-bt5p2
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  imagePullSecrets:
  - name: scc-tutorial-sa-dockercfg-87zhg
  nodeName: worker-1.saksecure.lab.upshift.rdu2.redhat.com
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext:
    fsGroup: 5555
    supplementalGroups:
    - 5777
    - 5888
  serviceAccount: scc-tutorial-sa
```
Any idea why two security contexts are defined, one at the pod level and the other at the container level? Thanks!
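The thread does not answer the SCC question itself, so here is an added Python example (not from the original post and not OpenShift's own code) of the two checks a practitioner would make: which SCCs list a service account directly or through its implicit groups, and which SCC a running pod was actually admitted under, which OpenShift records in the pod's `openshift.io/scc` annotation. The SCC list and the namespace `scc-tutorial` are constructed; on a cluster the same data comes from `oc get scc -o json` and `oc get pod <name> -o yaml`.

```python
# Constructed SCC list, shaped like the `items` of `oc get scc -o json`
# (only the fields that matter here: name, priority, users, groups).
SCC_ITEMS = [
    {"metadata": {"name": "restricted"}, "priority": None,
     "users": [], "groups": ["system:authenticated"]},
    {"metadata": {"name": "anyuid"}, "priority": 10,
     "users": ["system:serviceaccount:scc-tutorial:scc-tutorial-sa"],
     "groups": ["system:cluster-admins"]},
    {"metadata": {"name": "privileged"}, "priority": None,
     "users": ["system:admin"], "groups": ["system:cluster-admins"]},
]


def implicit_groups(namespace):
    """Groups every service account in `namespace` is a member of."""
    return {
        "system:authenticated",
        "system:serviceaccounts",
        "system:serviceaccounts:" + namespace,
    }


def sccs_for_service_account(scc_items, namespace, name):
    """SCC names that list the SA directly or via one of its implicit groups,
    highest priority first, name as tie-break.

    Caveat: OpenShift also honours RBAC grants of the `use` verb on an SCC and
    orders equal-priority SCCs by restrictiveness; neither is modelled here.
    `oc adm policy scc-subject-review` performs the complete check.
    """
    subject = "system:serviceaccount:%s:%s" % (namespace, name)
    groups = implicit_groups(namespace)
    matches = [
        scc for scc in scc_items
        if subject in (scc.get("users") or [])
        or groups & set(scc.get("groups") or [])
    ]
    matches.sort(key=lambda s: (-(s.get("priority") or 0), s["metadata"]["name"]))
    return [s["metadata"]["name"] for s in matches]


def admitted_scc(pod):
    """The SCC actually applied to an admitted pod is recorded by the admission
    plugin in the pod's `openshift.io/scc` annotation."""
    return pod.get("metadata", {}).get("annotations", {}).get("openshift.io/scc")


if __name__ == "__main__":
    print(sccs_for_service_account(SCC_ITEMS, "scc-tutorial", "scc-tutorial-sa"))
    print(admitted_scc({"metadata": {"annotations": {"openshift.io/scc": "anyuid"}}}))
```

The quick check on a live cluster is `oc get pod <name> -o jsonpath='{.metadata.annotations.openshift\.io/scc}'`, which shows the SCC the pod was admitted under.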
The securityContext for the pod covers different things than the securityContext for the container. Containers, for example, support specifying Linux capabilities, which the pod level does not support. Some fields, like runAsUser, can appear in either. Compare the output of
k explain pod.spec.containers.securityContext --recursive
and
k explain pod.spec.securityContext --recursive
to get an idea which are allowed in which usage.