Pod perceiver: unable to update annotations/labels for pod -- privileged

[mattfenwick]

time="2018-03-13T15:44:29Z" level=error msg="unable to update annotations/labels for pod default:sti-ruby-1-build: pods "sti-ruby-1-build" is forbidden: unable to validate against any security context constraint: [provider restricted: .spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed provider restricted: .spec.containers[0].securityContext.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used]"

[rrati]

If I understand correctly, this isn't a perceiver issue. It looks like incorrect permissions on the service account the perceiver is using and not something fixable in the perceiver code base. Have a reproducer?

[jayunit100]

• .... Whats the hostPath error coming from ?

[jayunit100]

on phone w/ matt, assuming this is a non issue now.

[mattfenwick]

"time="2018-10-12T14:30:24Z" level=error msg="unable to update annotations/labels for pod cover-all-deployment-types-script:django-ex-1-build: pods "django-ex-1-build" is forbidden: unable to validate against any security context constraint: [spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[2]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed]""
"time="2018-10-12T14:30:31Z" level=error msg="unable to update annotations/labels for pod cover-all-deployment-types-script:ibmjava: pods "ibmjava" is forbidden: unable to validate against any security context constraint: []""

[jlin963]

some other examples here: https://jira.dc1.lan/browse/OPSSIGHT-449