Describe the bug
I have a customized nginx container image which runs as the root user. Now the issue is that it runs with the Restricted SCC. When I run this image with just a pod template, it starts with anyuid and it works fine. But when I run it from a template, it starts with the Restricted SCC. I have set privileged container to true in the restricted SCC.
One major issue here is that when I run a command like the one below, it doesn't add that service account under user in the SCC. I have to manually edit it and add that. Only after that is the pod running with anyuid and working fine.
oc adm policy add-scc-to-user scc-admin system:serviceaccount:testing:default
I tried to add similar entries in the restricted SCC manually, but it did not work; then I tried to create a new SCC with all privileges, scc-admin.
FYI: during installation it failed with OpenShift SDN; some issue was going on at that time, so I then used OVN-Kubernetes.
Version
[amit@okd-installer ~]$ oc version
Client Version: 4.7.16
Server Version: 4.7.0-0.okd-2021-06-19-191547
Kubernetes Version: v1.20.0-1079+87cc9a4ade7ebe-dirty
It is installed on bare-metal servers with Fedora CoreOS, and it is UPI.
How reproducible
Every time
Log bundle
Will attach logs soon.