BZ1894063: Added important block on using pods deployment in SSC

xenolinux · xenolinux · commit bde949eec20f · 2023-01-19T18:38:08.000+05:30
diff --git a/modules/security-context-constraints-about.adoc b/modules/security-context-constraints-about.adoc
@@ -319,6 +319,11 @@ user identity and groups that the user belongs to. Additionally, if the pod
 specifies a service account, the set of allowable SCCs includes any constraints
 accessible to the service account.
 
+[IMPORTANT]
+====
+When creating pods directly, SCCs admission considers SCC permissions of both the caller and the Service Account that runs the pod. When a pod is created by a pod controller such as a deployment or a job, only Service Account SCC permissions are considered.
+====
+
 Admission uses the following approach to create the final security context for
 the pod:
 
