From c863e9e9e81776d13cfccf27f5a227fdef9cf5e8 Mon Sep 17 00:00:00 2001 From: Tim O'Keefe Date: Tue, 5 Sep 2023 18:15:59 -0400 Subject: [PATCH] Remove anyuid instructions for OpenShift (#13795) * Remove anyuid instructions for OpenShift These instructions are no longer needed after these changes https://github.com/istio/istio/pull/45394 * Removed blank line that caused failure --- .../setup/platform-setup/openshift/index.md | 23 ------------------- 1 file changed, 23 deletions(-) diff --git a/content/en/docs/setup/platform-setup/openshift/index.md b/content/en/docs/setup/platform-setup/openshift/index.md index eb6dc90b8f13..939b5a89901e 100644 --- a/content/en/docs/setup/platform-setup/openshift/index.md +++ b/content/en/docs/setup/platform-setup/openshift/index.md @@ -13,15 +13,6 @@ test: no Follow these instructions to prepare an OpenShift cluster for Istio. -By default, OpenShift doesn't allow containers running with user ID 1337. -You must enable containers running with UID 1337 for Istio's service accounts -by running the command below. Make sure to replace `istio-system` if you are -deploying Istio in another namespace: - -{{< text bash >}} -$ oc adm policy add-scc-to-group anyuid system:serviceaccounts:istio-system -{{< /text >}} - Install Istio using the OpenShift profile: {{< text bash >}} 
@@ -33,17 +24,3 @@ After installation is complete, expose an OpenShift route for the ingress gatewa {{< text bash >}} $ oc -n istio-system expose svc/istio-ingressgateway --port=http2 {{< /text >}} - -## Security context constraints for application sidecars - -The Istio sidecar injected into each application pod runs with user ID 1337, which is not allowed by default in OpenShift. To allow this user ID to be used, execute the following commands. Replace `` with the appropriate namespace. - -{{< text bash >}} -$ oc adm policy add-scc-to-group anyuid system:serviceaccounts: -{{< /text >}} - -When removing your application, remove the permissions as follows. - -{{< text bash >}} -$ oc adm policy remove-scc-from-group anyuid system:serviceaccounts: -{{< /text >}}
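Review bot: In the first hunk (@@ -13,15 +13,6), the `anyuid` grant for `system:serviceaccounts:istio-system` is dropped unconditionally, while the commit message ties the removal to istio/istio pull 45394; the page that remains gives no indication of which Istio releases include that change. A reader installing a release that predates it would follow this page and still have the UID 1337 containers rejected by OpenShift, with nothing on the page explaining why. Suggest either confirming that this docs branch only covers releases containing that change, or adding a one-line note before "Install Istio using the OpenShift profile:" stating that earlier releases still need the grant.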
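Review bot: In the second hunk (@@ -33,17 +24,3), the cleanup step under "When removing your application, remove the permissions as follows." is deleted along with the grant, so clusters that were set up from the earlier version of this page keep `anyuid` bound to their application namespaces' service-account groups with no documented way back. Since `anyuid` lets every service account in the namespace run pods as any UID, including root, that is a leftover privilege worth calling out. Suggest keeping a short upgrade note that tells existing users to run the `oc adm policy remove-scc-from-group anyuid system:serviceaccounts:` command for each namespace (and for `istio-system`, per the first hunk) once they are on a release that no longer needs it.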