This repository has been archived by the owner on Nov 2, 2023. It is now read-only.

[BUG] UnitedDeployment/YurtAppSet/YurtAppDaemon cannot enable pod privileged #128

Open
gbtyy opened this issue Nov 26, 2022 · 1 comment
Labels
kind/bug

gbtyy commented Nov 26, 2022

What happened:
When a UnitedDeployment/YurtAppSet/YurtAppDaemon sets the pod to privileged, this error happens:
The UnitedDeployment "ud-test" is invalid: spec.workloadTemplate.deploymentTemplate.spec.template.spec.containers[0].securityContext.privileged: Forbidden: disallowed by cluster policy

ud-test.yaml:

apiVersion: apps.openyurt.io/v1alpha1
kind: UnitedDeployment
metadata:
  labels:
    controller-tools.k8s.io: "1.0"
  name: ud-test
spec:
  selector:
    matchLabels:
      app: ud-test
  workloadTemplate:
    deploymentTemplate:
      metadata:
        labels:
          app: ud-test
      spec:
        template:
          metadata:
            labels:
              app: ud-test
          spec:
            tolerations:
            - key: "node-role.openyurt.io/edge"
              operator: "Exists"
              effect: "NoSchedule"
            containers:
              - name: nginx
                image: nginx:latest
                securityContext:
                  allowPrivilegeEscalation: true
                  privileged: true
                ports:
                - containerPort: 80
                readinessProbe:
                  failureThreshold: 5
                  httpGet:
                    path: /
                    port: 80
                    scheme: HTTP
                  initialDelaySeconds: 10
                  periodSeconds: 10
                  successThreshold: 1
                  timeoutSeconds: 5
  topology:
    pools:
    - name: np1
      nodeSelectorTerm:
        matchExpressions:
        - key: apps.openyurt.io/nodepool
          operator: In
          values:
          - np1
      replicas: 1
  revisionHistoryLimit: 5

What you expected to happen:
UnitedDeployment/YurtAppSet/YurtAppDaemon will work with privileged enabled.

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:

Environment:

  • OpenYurt version: 1.1.0
  • Kubernetes version (use kubectl version): 1.21.9
  • OS (e.g: cat /etc/os-release): centos 7.6
  • Kernel (e.g. uname -a): 5.18.11-1.el7.elrepo.x86_64
  • Install tools:
  • Others:

others

/kind bug

@gbtyy added the kind/bug label Nov 26, 2022
@rambohe-ch
Member

@kadisi PTAL
