Description of problem: Should create service account during creating ipfailver pod if the specified service account is not exist. or give a error message like "your specified service account is not exist" at least. for now if the service account is not exist or did not be add to scc privileged. ipfailover pod can be deployed but cannot be created on node. Version-Release number of selected component (if applicable): # openshift version openshift v3.2.0.14 kubernetes v1.2.0-36-g4a3f9c5 etcd 2.2.5 How reproducible: always Steps to Reproduce: 1. Create ipfaiover pod using one non-exist service account oadm ipfailover ipf2 --virtual-ips="10.66.127.100-101" --credentials=/etc/origin/master/openshift-router.kubeconfig --replicas=2 -w 1936 --service-account=non-exist --images='brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/ose-${component}:${version}' --create Actual results: step 1 will show "deploymentconfig "ipf2" created", but ipfailover pod cannot be created since no scc privileged for this service account Expected results: 1. openshift can create service account at same time if not exist the user specified 2. if the service account is not add to scc privileged. should also give a prompt message Additional info:
https://github.com/openshift/origin/pull/9618
This has been merged into ose and is in OSE v3.3.0.23 or newer.
verified this bug on v3.3.0.23 # oadm ipfailover ipf --create --virtual-ips=10.66.137.100-101 --replicas=2 -w 80 --images='brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/ose-keepalived-ipfailover:v3.3.0.23'error: ipfailover could not be created; service account "ipfailover" does not have sufficient privileges, grant access with oadm policy add-scc-to-user privileged -z ipfailover
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1933