anyuid
security contextThe Docker images that Oracle publishes default to the container user
as oracle
, which is UID 1000
and GID 1000
. When running the
Oracle images or layered images that retain the default user as
oracle
with OpenShift, the anyuid
security context constraint
is required to ensure proper access to the file system within the
Docker image. This means that the administrator must:
anyuid
security content is grantedopenshift.io/scc: anyuid
For example, to update the OpenShift policy, use:
$ oc adm policy add-scc-to-user anyuid -z default
and to annotate the WebLogic containers, update the WebLogic Domain
resource
to include annotations
for the serverPod
. For example:
kind: Domain
metadata:
name: domain1
spec:
domainUID: domain1
serverPod:
env:
- name: var1
value: value1
annotations:
openshift.io/scc: anyuid
For additional information about OpenShift requirements and the operator, see the OpenShift section in the User Guide.
When the user that installs an individual instance of the operator does not have the required privileges to create resources at the Kubernetes cluster level, a dedicated namespace can be used for the operator instance and all the WebLogic domains that it manages. For more details about the dedicated
setting, please refer to Operator Helm configuration values.