You have to grant access to privileged to the service account in the
namespace - if you're running as cluster-admin, you can create
privileged pods, but a regular service account can't unless you add it:

    oadm policy add-scc-to-user privileged -z default

where "default" is the service account that is used if you don't specify one.


On Wed, May 18, 2016 at 2:31 PM, Luis Pabón <lpa...@redhat.com> wrote:
>
>
> Hi all,
>   I am able to easily deploy a POD with privileged mode enabled in my 
> openshift cluster.  I am also able to deploy a non-privileged application 
> from a service/deploymentConfig template.  But, I am unable to create a 
> template which deploys a POD with privileged mode enabled.  Is this possible? 
>  Here is a sample template:
>
> {
>   "kind": "Template",
>   "apiVersion": "v1",
>   "metadata": {
>     "name": "heketi",
>     "annotations": {
>       "description": "Heketi application",
>       "tags": "glusterfs,heketi"
>     }
>   },
>   "labels": {
>     "template": "heketi"
>   },
>   "objects": [
>     {
>       "kind": "Service",
>       "apiVersion": "v1",
>       "metadata": {
>         "name": "${NAME}",
>         "annotations": {
>           "description": "Exposes Heketi service"
>         }
>       },
>       "spec": {
>         "ports": [
>           {
>             "name": "rest-api",
>             "port": 8080,
>             "targetPort": 8080
>           }
>         ],
>         "selector": {
>           "name": "${NAME}"
>         }
>       }
>     },
>     {
>       "kind": "DeploymentConfig",
>       "apiVersion": "v1",
>       "metadata": {
>         "name": "${NAME}",
>         "annotations": {
>           "description": "Defines how to deploy Heketi"
>         }
>       },
>       "spec": {
>         "replicas": 1,
>         "selector": {
>           "name": "${NAME}"
>         },
>         "template": {
>           "metadata": {
>             "name": "${NAME}",
>             "labels": {
>               "name": "${NAME}"
>             }
>           },
>           "triggers": [
>             {
>               "type": "ConfigChange"
>             }
>           ],
>           "strategy": {
>             "type": "Rolling"
>           },
>           "spec": {
>             "containers": [
>               {
>                 "securityContext" : {
>                   "capabilities" : {},
>                   "privileged" : true
>                 },
>                 "name": "heketi",
>                 "image": "heketi/heketi:dev",
>                 "ports": [
>                   {
>                     "containerPort": 8080
>                   }
>                 ],
>                 "volumeMounts": [
>                   {
>                     "name": "db",
>                     "mountPath": "/var/lib/heketi"
>                   }
>                 ],
>                 "readinessProbe": {
>                   "timeoutSeconds": 3,
>                   "initialDelaySeconds": 3,
>                   "httpGet": {
>                     "path": "/hello",
>                     "port": 8080
>                   }
>                 },
>                 "livenessProbe": {
>                   "timeoutSeconds": 3,
>                   "initialDelaySeconds": 30,
>                   "httpGet": {
>                     "path": "/hello",
>                     "port": 8080
>                   }
>                 }
>               }
>             ],
>             "volumes": [
>               {
>                 "name": "db"
>               }
>             ]
>           }
>         }
>       }
>     }
>   ],
>   "parameters": [
>     {
>       "name": "NAME",
>       "displayName": "Name",
>       "description": "The name assigned to all of the frontend objects defined in this template.",
>       "required": true,
>       "value": "heketi"
>     }
>   ]
> }
>
> _______________________________________________
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
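
A pre-deployment check for the situation in this thread, as an added example that is not part of the original messages: it lists which containers in a template request privileged mode and which service account would therefore need the privileged SCC. The sample template is constructed and the `storage-sa` service account name is hypothetical.

```python
# Constructed sample, trimmed to the shape of the template quoted above.
# "storage-sa" is a hypothetical service account name.
SAMPLE = {"kind": "Template", "objects": [
    {"kind": "Service", "metadata": {"name": "${NAME}"}, "spec": {"ports": []}},
    {"kind": "DeploymentConfig", "metadata": {"name": "${NAME}"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "heketi", "securityContext": {"privileged": True}}]}}}},
    {"kind": "DeploymentConfig", "metadata": {"name": "storage"},
     "spec": {"template": {"spec": {"serviceAccountName": "storage-sa", "containers": [
         {"name": "agent", "securityContext": {"privileged": True}},
         {"name": "sidecar"}]}}}},
]}


def pod_spec(obj):
    """Return the pod spec carried by a Pod or by a controller's pod template."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    return (spec.get("template") or {}).get("spec")


def privileged_requirements(template):
    """List (object, container, service account) for every privileged container."""
    found = []
    for obj in template.get("objects", []):
        pod = pod_spec(obj)
        if not pod:
            continue
        # A pod that names no service account runs as "default".
        sa = pod.get("serviceAccountName") or "default"
        ident = "%s/%s" % (obj.get("kind"), obj.get("metadata", {}).get("name"))
        for c in pod.get("containers", []) + pod.get("initContainers", []):
            if (c.get("securityContext") or {}).get("privileged") is True:
                found.append((ident, c.get("name"), sa))
    return found


def grant_commands(found):
    """One grant per distinct service account, in the form used in the reply."""
    accounts = sorted({sa for _, _, sa in found})
    return ["oadm policy add-scc-to-user privileged -z " + sa for sa in accounts]


if __name__ == "__main__":
    reqs = privileged_requirements(SAMPLE)
    for ident, container, sa in reqs:
        print("%s: container %r needs the privileged SCC on %r" % (ident, container, sa))
    print("\n".join(grant_commands(reqs)))
```

A grant to `default` applies to every pod in the namespace that names no service account, so a dedicated service account referenced through `serviceAccountName` keeps the privileged SCC limited to the pods that need it.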
