- Bug
- Resolution: Unresolved
- Normal
- None
- 4.16.z
- None
- Moderate
- None
- False
Description of problem:
When a new project is created and a custom Security Context Constraint (SCC) is assigned to the default service account in the newly created project, a pod created using a deployment.json file uses the custom SCC as expected. However, a pod created using the pod.json file is instead created with the anyuid SCC, despite the custom SCC being assigned to the default service account.
Version-Release number of selected component (if applicable):
How reproducible:
100%
Steps to Reproduce:
1. Create a new project.
2. Create a new SCC and assign it as a custom SCC.
3. Assign the custom SCC to the default in the newly created project.
4. Create a deployment using deployment.json.
   Expected Behavior: Pod should be created with the custom SCC.
   Actual Behavior: Pod is created with the custom SCC as expected.
5. Create a pod using pod.json.
   Expected Behavior: Pod should be created with the custom SCC.
   Actual Behavior: Pod is created with the anyuid SCC instead.
Actual results:
The pod created using pod.json is assigned the anyuid SCC instead of the custom SCC assigned to the project.
Expected results:
The pod created using pod.json should be assigned the custom SCC as per the project configuration.
Additional info:
This issue appears to occur specifically when creating a pod with pod.json. The issue does not occur when creating a pod using deployment.json.

Customer edited the SA like below:
~~~
$ oc get sa -oyaml
- apiVersion: v1
  imagePullSecrets:       ----------------------> add this
  - name: ocp-local       ----------------------> add this
  kind: ServiceAccount
  metadata:
    name: default
~~~
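An added check, not part of the original report: it reads the `openshift.io/scc` annotation that admission records on each pod and lists pods admitted under an SCC other than the expected one, along with whether each pod is bare or controller-owned. The pod list is constructed sample data shaped like `oc get pods -o json` output, and the SCC name `custom-scc` and the pod names are placeholders.

```python
import json

SCC_ANNOTATION = "openshift.io/scc"  # set on the pod by SCC admission

# Constructed sample shaped like `oc get pods -n <project> -o json` output.
# Pod names and the SCC name "custom-scc" are placeholders, not from the report.
SAMPLE_POD_LIST = json.dumps({
    "kind": "List",
    "items": [
        {"metadata": {"name": "demo-5c9f7d8b6-abcde",
                      "annotations": {SCC_ANNOTATION: "custom-scc"},
                      "ownerReferences": [{"kind": "ReplicaSet",
                                           "name": "demo-5c9f7d8b6"}]},
         "spec": {"serviceAccountName": "default"}},
        {"metadata": {"name": "demo-pod",
                      "annotations": {SCC_ANNOTATION: "anyuid"}},
         "spec": {"serviceAccountName": "default"}},
        {"metadata": {"name": "pending-pod"}, "spec": {}},
    ],
})


def audit_pod_sccs(pod_list_json, expected_scc):
    """Return one finding per pod whose admitting SCC is not expected_scc."""
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta = pod.get("metadata", {})
        admitted = (meta.get("annotations") or {}).get(SCC_ANNOTATION)
        if admitted == expected_scc:
            continue
        owners = meta.get("ownerReferences") or []
        findings.append({
            "pod": meta.get("name"),
            # Pods without an owner were created directly (e.g. from pod.json).
            "created_via": owners[0]["kind"] if owners else "bare pod",
            "service_account": pod.get("spec", {}).get("serviceAccountName"),
            "admitted_scc": admitted,  # None means the annotation is missing
        })
    return findings


if __name__ == "__main__":
    for finding in audit_pod_sccs(SAMPLE_POD_LIST, "custom-scc"):
        print(finding)
```
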