Skip to content

Commit

Permalink
Address openshift documentation
Browse files Browse the repository at this point in the history
  • Loading branch information
akondur committed Nov 20, 2024
1 parent 44207b2 commit 977bd78
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions docs/OpenShift.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,10 @@

The Splunk Operator will always start Splunk Enterprise containers using
a specific, unprivileged `splunk(41812)` user and group to allow write access
to Kubernetes PersistentVolumes. This follows best security practices,
which helps prevent any malicious actor from escalating access outside of the
container and compromising the host. For more information, please see the
Splunk Enterprise container's
[Documentation on Security](https://github.com/splunk/docker-splunk/blob/develop/docs/SECURITY.md).
to Kubernetes PersistentVolumes. This follows best security practices, helping
prevent malicious actors from escalating access beyond the container and
compromising the host. For more information, please see the Splunk Enterprise
container's [Documentation on Security](https://github.com/splunk/docker-splunk/blob/develop/docs/SECURITY.md).

The Splunk Enterprise pods are attached to the `default` serviceaccount or the configured
[serviceaccount](CustomResources.md#common-spec-parameters-for-splunk-enterprise-resources) if
Expand All @@ -16,7 +15,8 @@ and runs as user `1001`.
Users of Red Hat OpenShift may find that the default Security Context
Constraint is too restrictive. You can fix this by granting the appropriate
Service Accounts the `nonroot` Security Context Constraint by running the
following commands within your namespace:
following commands within your namespace. If you are using OpenShift 4.14
or later, you must use the nonroot-v2 Security Context Constraint instead.

For the Splunk Operator pod:
```
Expand Down

0 comments on commit 977bd78

Please sign in to comment.