i am new to Openshift, i am deploying an daemonset, which creates a pod with one container in each node. i want to access respective nodes /proc/ directory from my pod.
I have achieved it with pods securityContext as privileged: true. but i dont want to grant the container broad access to the host system, potentially allowing it to interfere with other containers or the host itself.
so i how can i achieve my task by creating SecurityContextConstraints
Openshift Version - 4.13
thanks in advance..
Unfortunately, There is no configuration available to use HostPaths without configuring your pods as "privileged". Follow this link to Openshift's doc for more information. Check first important note.
I agree with you about take care of security configurations, and to have a privileged container must be done with grate care, but in fact, makes sense that your pod needs to be privileged if it's accessing directly to such an important Host path.
Small advice, if you need to update a SCC, is a good practice to make a copy of the original one, and edit the copy. This will prevent issues on the future, for example, during updates.
Hope this helps
KR