diff --git a/README.md b/README.md
index 0a3a980..2e217bb 100644
--- a/README.md
+++ b/README.md
@@ -27,8 +27,8 @@ driver:
 - `projectNamespace` the namespace Project pods should run in
 - `projectSelector` a list of labels that should be used to select which nodes Project Pods
 should run on
-- `cloudProvider` can be left unset for none `aws` deployments. This triggers the adding of
-AWS EKS specific annotation for ALB Ingress.
+- `cloudProvider` normally not set, but can be `aws` This triggers the adding of
+AWS EKS specific annotation for ALB Ingress. or `openshift` to allow running on OpenShift (Enterprise license only)
 - `privateCA` name of ConfigMap holding PEM CA Cert Bundle (file name `certs.pem`) Optional
 - `certManagerIssuer` name of the ClusterIssuer to use to create HTTPS certs for instances (default not set)
 - `k8sRetries` how many times to retry actions against the K8s API
diff --git a/kubernetes.js b/kubernetes.js
index a99deef..c6a2f44 100644
--- a/kubernetes.js
+++ b/kubernetes.js
@@ -318,6 +318,10 @@ const createDeployment = async (project, options) => {
         localPod.spec.containers[0].env.push({ name: 'NODE_EXTRA_CA_CERTS', value: '/usr/local/ssl-certs/chain.pem' })
     }
 
+    if (this._app.license.active() && this._cloudProvider === 'openshift') {
+        localPod.spec.securityContext = {}
+    }
+
     if (stack.memory && stack.cpu) {
         localPod.spec.containers[0].resources.requests.memory = `${stack.memory}Mi`
         localPod.spec.containers[0].resources.limits.memory = `${stack.memory}Mi`
@@ -611,6 +615,7 @@ module.exports = {
         this._k8sRetries = this._app.config.driver.options?.k8sRetries || 10
         this._certManagerIssuer = this._app.config.driver.options?.certManagerIssuer
         this._logPassthrough = this._app.config.driver.options?.logPassthrough || false
+        this._cloudProvider = this._app.config.driver.options?.cloudProvider
 
         const kc = new k8s.KubeConfig()