Add `privileged` SCC to SA in OpenShift DevStack

In containerized OpenShift deployments we're not attaching `privileged`
SCC to `kuryr-controller` SA created by DevStack plugin. This causes
kuryr-controller Deployment and kuryr-cni DaemonSet to fail as
`kuryr-controller` SA lacks permissions to run privileged containers.
This commit solves that by using `oadm` to attach the SCC to SA.

Change-Id: I2c827cd986a17e08c94558c852b4a225cfe057a6
Closes-Bug: 1759287
(cherry picked from commit 08ce565051)
parent a14520b83e
commit 5b9b4fcf66
|
@ -143,6 +143,11 @@ function run_containerized_kuryr_resources {
|
|||
/usr/local/bin/kubectl create -f \
|
||||
"${k8s_data_dir}/service_account.yml" \
|
||||
|| die $LINENO "Failed to create kuryr-kubernetes ServiceAccount."
|
||||
|
||||
if is_service_enabled openshift-master; then
|
||||
# NOTE(dulek): For OpenShift add privileged SCC to serviceaccount.
|
||||
/usr/local/bin/oadm policy add-scc-to-user privileged -n kube-system -z kuryr-controller
|
||||
fi
|
||||
/usr/local/bin/kubectl create -f \
|
||||
"${k8s_data_dir}/controller_deployment.yml" \
|
||||
|| die $LINENO "Failed to create kuryr-kubernetes Deployment."
|
||||
|
|
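Review bot: The `oadm policy add-scc-to-user` call inside the new `if is_service_enabled openshift-master` block has no failure handling, unlike the `kubectl create` calls on either side of it, which end in `|| die $LINENO "..."`. If attaching the SCC fails, the script carries on and the error only resurfaces later as the Deployment and DaemonSet failing to start, which is the symptom this change is meant to remove; append something like `|| die $LINENO "Failed to add privileged SCC to kuryr-controller ServiceAccount."`. Two smaller points for the NOTE comment: `privileged` is being granted to the single `kuryr-controller` SA that, per the commit message, both the controller Deployment and the kuryr-cni DaemonSet depend on, so it is worth recording which workload actually needs privileged containers; and `-n kube-system` is hard-coded here, so confirm it matches the namespace the SA is created in by `service_account.yml`.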