Prerequisites for Post-Update Security Hardening

  • Ensure that your environment is running version 26.6 or later. If it is running an earlier version, update it to version 26.6 or later before you continue.
  • For OpenShift environments, complete the OpenShift-specific post-update SCC configuration steps. For more information, see Prerequisites for Updating to Version 26.6.
  • For the SCM pod:
    • Select the runAsUser and fsGroup values.
    • Set runAsGroup to 0.
  • For the Siebel pods, select the runAsUser, runAsGroup, and fsGroup values.
  • For non-OpenShift Kubernetes clusters, choose any non-root values.
  • For OpenShift, describe the SCM and Siebel namespaces to identify the allowed security context ranges:
    • Select runAsUser from the openshift.io/sa.scc.uid-range value.
    • Select fsGroup by using the first ID from openshift.io/sa.scc.supplemental-groups.
    kubectl get namespace <SCM namespace name> -o jsonpath='openshift.io/sa.scc.uid-range={.metadata.annotations.openshift\.io/sa\.scc\.uid-range}{"\n"}openshift.io/sa.scc.supplemental-groups={.metadata.annotations.openshift\.io/sa\.scc\.supplemental-groups}{"\n"}'
    kubectl get namespace <Siebel namespace name> -o jsonpath='openshift.io/sa.scc.uid-range={.metadata.annotations.openshift\.io/sa\.scc\.uid-range}{"\n"}openshift.io/sa.scc.supplemental-groups={.metadata.annotations.openshift\.io/sa\.scc\.supplemental-groups}{"\n"}'
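
An added example, not part of the product documentation: the shell functions below turn the two annotation values printed by the commands above into a runAsUser and fsGroup choice, and reject a chosen UID that falls outside the namespace range. The function names and sample values are constructed; the parser assumes the "<start>/<size>" form that OpenShift normally writes, and also accepts "<start>-<end>" and comma-separated lists, using the first block only.

```shell
#!/bin/sh
# Added example (not product code). Input: the text after "=" in the output
# of the kubectl commands above, e.g. "1000680000/10000".

# is_num VALUE -> succeeds only for a non-empty string of digits.
is_num() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# block_bounds RANGE -> prints "<first> <last>" for the first block of RANGE.
block_bounds() {
    block=${1%%,*}                 # first block of a comma-separated list
    first=${block%%[/-]*}          # digits before "/" or "-"
    case $block in
        */*) rest=${block#*/}      # "<start>/<size>"
             is_num "$first" && is_num "$rest" || return 1
             last=$(( first + rest - 1 )) ;;
        *-*) last=${block#*-}      # "<start>-<end>"
             is_num "$first" && is_num "$last" || return 1 ;;
        *)   is_num "$first" || return 1
             last=$first ;;
    esac
    echo "$first $last"
}

# pick_ids UID_RANGE SUPPLEMENTAL_GROUPS [CHOSEN_UID]
# Prints "runAsUser=<uid> fsGroup=<gid>". fsGroup is the first ID of the
# supplemental-groups annotation. Without CHOSEN_UID, runAsUser defaults to
# the first UID of the range (an assumption; any UID in the range is valid).
pick_ids() {
    ub=$(block_bounds "$1") || { echo "bad uid-range: $1" >&2; return 1; }
    gb=$(block_bounds "$2") || { echo "bad supplemental-groups: $2" >&2; return 1; }
    uid=${3:-${ub% *}}
    is_num "$uid" && [ "$uid" -ge "${ub% *}" ] && [ "$uid" -le "${ub#* }" ] || {
        echo "runAsUser $uid is outside $1" >&2; return 1; }
    echo "runAsUser=$uid fsGroup=${gb% *}"
}

# Constructed sample annotation values for one namespace.
pick_ids "1000680000/10000" "1000680000/10000"
```

Run it once for the SCM namespace and once for the Siebel namespace, because each namespace has its own ranges.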