[ https://issues.apache.org/jira/browse/YUNIKORN-435?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17208023#comment-17208023 ]
Kinga Marton commented on YUNIKORN-435: --------------------------------------- [~vbm] can you please add some context to this failure?(like how did you installed it, versions, anything that can be relevant in reproducing this bug) I installed YK multiple times and I haven't seen this issue. > Admission-Controller pod goes into pending state because of default > serviceAccount > ---------------------------------------------------------------------------------- > > Key: YUNIKORN-435 > URL: https://issues.apache.org/jira/browse/YUNIKORN-435 > Project: Apache YuniKorn > Issue Type: Bug > Components: deployment, shim - kubernetes > Reporter: Vishwas > Assignee: Vishwas > Priority: Major > Labels: pull-request-available > > The admission controller pod which is created inside the scheduler pod uses > the wrong service account. > The admission controller pod is launched with default service account. This > causes the admission controller pod to be in pending state because of > insufficient privileges. > > Error message indicating pod in pending state: > {code:java} > NAME READY UP-TO-DATE > AVAILABLE AGE > deployment.apps/yunikorn-admission-controller 0/1 0 0 > 8m14s > deployment.apps/yunikorn-scheduler 1/1 1 1 > 8m20sNAME DESIRED > CURRENT READY AGE > replicaset.apps/yunikorn-admission-controller-854f64bcbf 1 0 > 0 8m14s > replicaset.apps/yunikorn-scheduler-585fcfbb46 1 1 > 1 8m20s > {code} > {code:java} > [root@vm5 vbm]# kubectl describe > replicaset.apps/yunikorn-admission-controller-854f64bcbf -n yunikorn > Name: yunikorn-admission-controller-854f64bcbf > Namespace: yunikorn > Selector: app=yunikorn,pod-template-hash=854f64bcbf > Labels: app=yunikorn > pod-template-hash=854f64bcbf > Annotations: deployment.kubernetes.io/desired-replicas: 1 > deployment.kubernetes.io/max-replicas: 2 > deployment.kubernetes.io/revision: 1 > Controlled By: Deployment/yunikorn-admission-controller > Events: > Type Reason Age From Message > ---- ------ ---- ---- ------- > Warning FailedCreate 19s (x13 over 40s) replicaset-controller Error > creating: pods "yunikorn-admission-controller-854f64bcbf-" is forbidden: > unable to validate against any pod security policy: > [spec.securityContext.hostNetwork: Invalid value: true: Host network is not > allowed to be used spec.containers[0].hostPort: Invalid value: 8443: Host > port 8443 is not allowed to be used. Allowed ports: []] > {code} -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@yunikorn.apache.org For additional commands, e-mail: issues-h...@yunikorn.apache.org