Description of problem: Replication controllers don't store .spec.template.spec.initContainers.securityContext Version-Release number of selected component (if applicable): 3.7 (Haven't tried it on 3.9) How reproducible: Always Steps to Reproduce: 1. oc create serviceaccount privilegeduser 2. oc adm policy add-scc-to-user privileged -z privilegeduser 3. oc create -f- <<EOF apiVersion: v1 kind: ReplicationController metadata: labels: name: egress-router name: egress-router spec: replicas: 1 selector: name: egress-router template: metadata: annotations: creationTimestamp: null labels: name: egress-router name: egress-router spec: containers: - image: registry.access.redhat.com/openshift3/ose-pod imagePullPolicy: Always name: egress-router-wait resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst initContainers: - env: - name: EGRESS_SOURCE value: 172.22.110.124 - name: EGRESS_GATEWAY value: 172.22.110.200 - name: EGRESS_DESTINATION value: 172.22.104.54 - name: EGRESS_ROUTER_MODE value: init image: registry.access.redhat.com/openshift3/ose-egress-router securityContext: privileged: true imagePullPolicy: Always name: egress-router-init resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File restartPolicy: Always securityContext: {} serviceAccount: privilegeduser serviceAccountName: privilegeduser terminationGracePeriodSeconds: 30 status: {} EOF 4. oc get rc egress-router -o yaml doesn't have .spec.template.spec.initContainers.securityContext Actual results: rc doesn't have .spec.template.spec.initContainers.securityContext Expected results: rc has doesn't have .spec.template.spec.initContainers.securityContext.privileged: true
I'm unable to reproduce $ oc version oc v3.7.44-1+5b9c6df-18 kubernetes v1.7.6+a08f5eeb62 features: Basic-Auth Server https://10.13.129.45:8443 openshift v3.7.44-1+5b9c6df-18 kubernetes v1.7.6+a08f5eeb62 $ oc create -f- <<EOF apiVersion: v1 kind: ReplicationController metadata: labels: name: egress-router name: egress-router spec: replicas: 1 selector: name: egress-router template: metadata: annotations: creationTimestamp: null labels: name: egress-router name: egress-router spec: containers: - image: registry.access.redhat.com/openshift3/ose-pod imagePullPolicy: Always name: egress-router-wait resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst initContainers: - env: - name: EGRESS_SOURCE value: 172.22.110.124 - name: EGRESS_GATEWAY value: 172.22.110.200 - name: EGRESS_DESTINATION value: 172.22.104.54 - name: EGRESS_ROUTER_MODE value: init image: registry.access.redhat.com/openshift3/ose-egress-router securityContext: privileged: true imagePullPolicy: Always name: egress-router-init resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File restartPolicy: Always securityContext: {} serviceAccount: privilegeduser serviceAccountName: privilegeduser terminationGracePeriodSeconds: 30 status: {} EOF $ oc get rc egress-router -o yaml apiVersion: v1 kind: ReplicationController metadata: creationTimestamp: 2018-05-03T14:04:39Z generation: 1 labels: name: egress-router name: egress-router namespace: default resourceVersion: "812" selfLink: /api/v1/namespaces/default/replicationcontrollers/egress-router uid: ebb149f6-4eda-11e8-8075-6a000155e300 spec: replicas: 1 selector: name: egress-router template: metadata: ... name: egress-router spec: containers: - image: registry.access.redhat.com/openshift3/ose-pod imagePullPolicy: Always name: egress-router-wait resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst initContainers: - env: - name: EGRESS_SOURCE value: 172.22.110.124 - name: EGRESS_GATEWAY value: 172.22.110.200 - name: EGRESS_DESTINATION value: 172.22.104.54 - name: EGRESS_ROUTER_MODE value: init image: registry.access.redhat.com/openshift3/ose-egress-router imagePullPolicy: Always name: egress-router-init resources: {} securityContext: privileged: true ... the securityContext.privileged field is under a particular initContainer, like this: .spec.template.spec.initContainers[0].securityContext.privileged