Bug 1511895 - can't create deployment with privileged pod
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: origin
Version: 26
Hardware: Unspecified
OS: Unspecified
Assignee: Adam Miller
QA Contact: Fedora Extras Quality Assurance
Reported: 2017-11-10 11:29 UTC by Julius Milan
Modified: 2017-11-15 09:53 UTC

Last Closed: 2017-11-15 09:53:35 UTC


Attachments:
yaml files (deleted), 2017-11-10 11:29 UTC, Julius Milan

Description Julius Milan 2017-11-10 11:29:30 UTC
Created attachment 1350431
yaml files

Description of problem:
Can't create a deployment (from the yaml in the attachment) containing a privileged container using "oc create -f abrt-deployment.yaml", but I am able to create an identical pod from pod.yaml using "oc create -f pod.yaml".
According to https://www.mirantis.com/blog/introduction-to-yaml-creating-a-kubernetes-deployment/ it should work.

Version-Release number of selected component (if applicable):
origin-3.6.0-1.fc26.x86_64

How reproducible:
always

Steps to Reproduce:
1. unpack attached files
2. create all pv-*.yaml and pvc-*yaml by oc create -f
3. oc create -f abrt-deployment.yaml

Actual results:
(from the OpenShift Web Console:)
Error creating: pods "abrt-in-container.com-1988172535-" is forbidden: unable to validate against any security context constraint: [provider restricted: .spec.securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used provider restricted: .spec.securityContext.hostPID: Invalid value: true: Host PID is not allowed to be used securityContext.runAsUser: Invalid value: 0: UID on container abrt-containerized does not match required range. Found 0, required min: 1000050000 max: 1000059999 provider restricted: .spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed provider restricted: .spec.containers[0].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used provider restricted: .spec.containers[0].securityContext.hostPID: Invalid value: true: Host PID is not allowed to be used]

Expected results:
working pod

Additional info:

