Running Pods as Anyuid in OpenShift Origin

When using OpenShift Origin, by default all pods run with the 'restricted' context, where they are forced to use a generated user ID. Some containers just don't work that way, so we need to relax the restriction a bit.

Reference: https://blog.openshift.com/understanding-service-accounts-sccs/

Creating a service account

First, create a service account in your project (see https://docs.openshift.com/enterprise/3.0/admin_guide/manage_scc.html ). Here is a sample YAML to do that:

    kind: ServiceAccount
    apiVersion: v1
    metadata:
      name: mysvcacct

Note that underscores are not allowed in service account names, even though the official OpenShift example contains one.

Assigning anyuid

Then, a cluster administrator should log in to the project and assign the anyuid SCC:

    oc login
    oc project theproject
    oc adm policy add-scc-to-user anyuid -z mysvcacct

Using the service account

Now, edit the deployment config or the replication controller config to use the serv...