You have to grant access to privileged to the service account in the namespace - if you're running as cluster-admin, you can create privileged pods, but a regular service account can't unless you add it:

    oadm policy add-scc-to-user privileged -z default

where "default" is the service account that is used if you don't specify one.

On Wed, May 18, 2016 at 2:31 PM, Luis Pabón <lpa...@redhat.com> wrote:
>
>
> Hi all,
> I am able to easily deploy a POD with privileged mode enabled in my
> openshift cluster. I am also able to deploy a non-privileged application
> from a service/deploymentConfig template. But, I am unable to create a
> template which deploys a POD with privileged mode enabled. Is this possible?
> Here is a sample template:
>
> {
>   "kind": "Template",
>   "apiVersion": "v1",
>   "metadata": {
>     "name": "heketi",
>     "annotations": {
>       "description": "Heketi application",
>       "tags": "glusterfs,heketi"
>     }
>   },
>   "labels": {
>     "template": "heketi"
>   },
>   "objects": [
>     {
>       "kind": "Service",
>       "apiVersion": "v1",
>       "metadata": {
>         "name": "${NAME}",
>         "annotations": {
>           "description": "Exposes Heketi service"
>         }
>       },
>       "spec": {
>         "ports": [
>           {
>             "name": "rest-api",
>             "port": 8080,
>             "targetPort": 8080
>           }
>         ],
>         "selector": {
>           "name": "${NAME}"
>         }
>       }
>     },
>     {
>       "kind": "DeploymentConfig",
>       "apiVersion": "v1",
>       "metadata": {
>         "name": "${NAME}",
>         "annotations": {
>           "description": "Defines how to deploy Heketi"
>         }
>       },
>       "spec": {
>         "replicas": 1,
>         "selector": {
>           "name": "${NAME}"
>         },
>         "template": {
>           "metadata": {
>             "name": "${NAME}",
>             "labels": {
>               "name": "${NAME}"
>             }
>           },
>           "triggers": [
>             {
>               "type": "ConfigChange"
>             }
>           ],
>           "strategy": {
>             "type": "Rolling"
>           },
>           "spec": {
>             "containers": [
>               {
>                 "securityContext" : {
>                   "capabilities" : {},
>                   "privileged" : true
>                 },
>                 "name": "heketi",
>                 "image": "heketi/heketi:dev",
>                 "ports": [
>                   {
>                     "containerPort": 8080
>                   }
>                 ],
>                 "volumeMounts": [
>                   {
>                     "name": "db",
>                     "mountPath": "/var/lib/heketi"
>                   }
>                 ],
>                 "readinessProbe": {
>                   "timeoutSeconds": 3,
>                   "initialDelaySeconds": 3,
>                   "httpGet": {
>                     "path": "/hello",
>                     "port": 8080
>                   }
>                 },
>                 "livenessProbe": {
>                   "timeoutSeconds": 3,
>                   "initialDelaySeconds": 30,
>                   "httpGet": {
>                     "path": "/hello",
>                     "port": 8080
>                   }
>                 }
>               }
>             ],
>             "volumes": [
>               {
>                 "name": "db"
>               }
>             ]
>           }
>         }
>       }
>     }
>   ],
>   "parameters": [
>     {
>       "name": "NAME",
>       "displayName": "Name",
>       "description": "The name assigned to all of the frontend objects defined in this template.",
>       "required": true,
>       "value": "heketi"
>     }
>   ]
> }
>
> _______________________________________________
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
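
Added example (not part of the original thread and not OpenShift code): a small Python check that walks a template's objects, finds containers that set "privileged": true, and reports which service account would need the privileged SCC, falling back to "default" when the pod spec names none, as the reply describes. The sample template is constructed and trimmed; the "debug" pod, "sidecar" container, "builder-sa" account and the function names are hypothetical.

```python
import json

# Constructed sample: a trimmed template in the shape of the one quoted above.
SAMPLE_TEMPLATE = json.loads("""
{"kind": "Template", "objects": [
  {"kind": "Service", "metadata": {"name": "heketi"}, "spec": {}},
  {"kind": "DeploymentConfig", "metadata": {"name": "heketi"},
   "spec": {"template": {"spec": {"containers": [
     {"name": "heketi", "image": "heketi/heketi:dev",
      "securityContext": {"capabilities": {}, "privileged": true}},
     {"name": "sidecar", "image": "example/sidecar"}]}}}},
  {"kind": "Pod", "metadata": {"name": "debug"},
   "spec": {"serviceAccountName": "builder-sa",
            "containers": [{"name": "shell", "securityContext": {"privileged": true}}]}}
]}
""")

def pod_spec(obj):
    """Return the pod spec of a Pod, or of a controller's pod template."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    return (spec.get("template") or {}).get("spec")

def privileged_requests(template):
    """List (kind/name, container, service account) for privileged containers."""
    found = []
    for obj in template.get("objects", []):
        spec = pod_spec(obj) or {}
        # A pod spec that names no service account runs as "default".
        sa = spec.get("serviceAccountName") or spec.get("serviceAccount") or "default"
        owner = "%s/%s" % (obj.get("kind"), obj.get("metadata", {}).get("name"))
        for c in spec.get("containers", []):
            if (c.get("securityContext") or {}).get("privileged") is True:
                found.append((owner, c.get("name"), sa))
    return found

def grant_commands(template):
    """One oadm command per distinct service account that needs the SCC."""
    accounts = sorted({sa for _, _, sa in privileged_requests(template)})
    return ["oadm policy add-scc-to-user privileged -z " + sa for sa in accounts]

if __name__ == "__main__":
    for row in privileged_requests(SAMPLE_TEMPLATE):
        print("%s container=%s serviceaccount=%s" % row)
    print("\n".join(grant_commands(SAMPLE_TEMPLATE)))
```

A grant to "default" applies to every pod in the namespace that does not name a service account, so the list of affected objects is worth reading before running the printed commands.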