Instead of using a customized SecurityContext for pods, a Pod Security
Policy (PSP) or a SecurityContextConstraint should be used. These are
cluster-level resources that control the actions that a pod can perform
and what resource the pod may access. The SecurityContextDeny
disallows folks from setting a pod's securityContext fields.
Ensure that the list of admission controllers does not include
SecurityContextDeny:
$ oc -n openshift-kube-apiserver get configmap config -o json | jq -r '.data."config.yaml"' | jq '.apiServerArguments."enable-admission-plugins"'