If you want to use container images not found in the Red Hat Container Catalog, you can use other arbitrary container images in your OpenShift Container Platform instance, for example those found on the Docker Hub.
For OpenShift Container Platform-specific guidelines on running containers using an arbitrarily assigned user ID, see Support Arbitrary User IDs in the Creating Images guide.
For supportability details, see the Production Support Scope of Coverage as defined in the OpenShift Container Platform Support Policy.
OpenShift Container Platform runs containers on hosts in the cluster, and in some cases, such as build operations and the registry service, it does so using privileged containers. Furthermore, those containers access the hosts' Docker daemon and perform docker build and docker push operations. As such, cluster administrators should be aware of the inherent security risks associated with docker run operations on arbitrary images as they effectively have root access. This is particularly relevant for docker build operations.
Exposure to harmful containers can be limited by assigning specific builds to nodes so that any exposure is limited to those nodes. To do this, see the Assigning Builds to Specific Nodes section of the Developer Guide. For cluster administrators, see the Configuring Global Build Defaults and Overrides section of the Installation and Configuration Guide.
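As an illustration of assigning a build to specific nodes, the following BuildConfig is an added example and is not taken from the guides referenced above. The build name, the build-zone label, the Git URL and the output tag are assumptions chosen for the example.

```yaml
# Added example. Assumes a set of nodes has been labelled beforehand, e.g.:
#   oc label node <node_name> build-zone=untrusted
# The label key/value, names and URL below are placeholders.
apiVersion: v1
kind: BuildConfig
metadata:
  name: untrusted-image-build          # hypothetical name
spec:
  # Build pods created from this BuildConfig are scheduled only on nodes
  # that carry every label listed here. The privileged build container and
  # its access to the host's Docker daemon therefore stay on those nodes.
  nodeSelector:
    build-zone: untrusted              # hypothetical label
  source:
    type: Git
    git:
      uri: https://git.example.com/team/app.git   # placeholder repository
  strategy:
    type: Docker                       # docker build of an arbitrary Dockerfile
    dockerStrategy: {}
  output:
    to:
      kind: ImageStreamTag
      name: app:latest                 # placeholder image stream tag
```

A node selector set in the build itself can be left out or changed by whoever owns the BuildConfig, which is why cluster administrators can also set a node selector cluster-wide through the global build defaults and overrides mentioned above.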
You can also use security context constraints to control the actions that a pod can perform and what it has the ability to access. For instructions on how to enable images to run with USER in the Dockerfile, see Managing Security Context Constraints (requires a user with cluster-admin privileges).
For more information, see these articles: