[jira] [Resolved] (YUNIKORN-435) Admission-Controller pod goes into pending state because of default serviceAccount

[Kinga Marton (Jira)]

     [ 
https://issues.apache.org/jira/browse/YUNIKORN-435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kinga Marton resolved YUNIKORN-435.
-----------------------------------
    Fix Version/s: 0.10
       Resolution: Fixed

Thank you [~vbm] for the clarification and for the fix.

Thanks [~adam.antal] for the validation.

I merged the PRs to the master branch.

> Admission-Controller pod goes into pending state because of default 
> serviceAccount
> ----------------------------------------------------------------------------------
>
>                 Key: YUNIKORN-435
>                 URL: https://issues.apache.org/jira/browse/YUNIKORN-435
>             Project: Apache YuniKorn
>          Issue Type: Bug
>          Components: deployment, shim - kubernetes
>            Reporter: Vishwas
>            Assignee: Vishwas
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 0.10
>
>
> The admission controller pod which is created inside the scheduler pod uses 
> the wrong service account.
> The admission controller pod is launched with default service account. This 
> causes the admission controller pod to be in pending state because of 
> insufficient privileges.
>  
> Error message indicating pod in pending state:
> {code:java}
> NAME                                            READY   UP-TO-DATE   
> AVAILABLE   AGE
> deployment.apps/yunikorn-admission-controller   0/1     0            0        
>    8m14s
> deployment.apps/yunikorn-scheduler              1/1     1            1        
>    8m20sNAME                                                       DESIRED   
> CURRENT   READY   AGE
> replicaset.apps/yunikorn-admission-controller-854f64bcbf   1         0        
>  0       8m14s
> replicaset.apps/yunikorn-scheduler-585fcfbb46              1         1        
>  1       8m20s
> {code}
> {code:java}
> [root@vm5 vbm]# kubectl describe 
> replicaset.apps/yunikorn-admission-controller-854f64bcbf -n yunikorn
> Name:           yunikorn-admission-controller-854f64bcbf
> Namespace:      yunikorn
> Selector:       app=yunikorn,pod-template-hash=854f64bcbf
> Labels:         app=yunikorn
>                 pod-template-hash=854f64bcbf
> Annotations:    deployment.kubernetes.io/desired-replicas: 1
>                 deployment.kubernetes.io/max-replicas: 2
>                 deployment.kubernetes.io/revision: 1
> Controlled By:  Deployment/yunikorn-admission-controller
> Events:
>   Type     Reason        Age                 From                   Message
>   ----     ------        ----                ----                   -------
>   Warning  FailedCreate  19s (x13 over 40s)  replicaset-controller  Error 
> creating: pods "yunikorn-admission-controller-854f64bcbf-" is forbidden: 
> unable to validate against any pod security policy: 
> [spec.securityContext.hostNetwork: Invalid value: true: Host network is not 
> allowed to be used spec.containers[0].hostPort: Invalid value: 8443: Host 
> port 8443 is not allowed to be used. Allowed ports: []]
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@yunikorn.apache.org
For additional commands, e-mail: dev-h...@yunikorn.apache.org