This repository has been archived by the owner on May 8, 2024. It is now read-only.
init-pvc pod runs with priviledged security context #294
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hi,
On our cluster (microk8s), pods running with privileged security context are disallowed by configuration of the API server. It seems now that the localpv-provisioner starts an init container that runs with a privileged security context, hence causing the error below (from the output of
kubectl describe pvc ...). I created a custom storage class to set the base path as described here.Is there a functional reason why the container needs the privileges or is the security context configurable somewhere? Thanks!
Warning ProvisioningFailed 20s (x2 over 35s) openebs.io/local_openebs-localpv-provisioner-695c5f756-cfptz_03c93f6f-84bf-4dc1-a06e-da2b9c7adfdc failed to provision volume with StorageClass "custom-storage-class": Pod "init-pvc-76e5fa24-8c03-4f7c-b8bd-04f09c114175" is invalid: spec.containers[0].securityContext.privileged: Forbidden: disallowed by cluster policyThe text was updated successfully, but these errors were encountered: