I'm attempting to launch a container that launches its process by running several commands as another user. The commands are executed using su. I first thought this was a problem in the storage backend, as the container was built on devicemapper but run on aufs, but the container starts correctly when I use docker run. I also thought that this was an issue with the container being privileged, but I've already taken the steps necessary to run privileged containers on my cluster, as well as added the privileged: true flag to my ReplicationController definition. Any help is appreciated.
Kube v1
Docker 1.7.0
Mesos 0.23.0
Edit: So after some troubleshooting, it appears that my issue is that Kubernetes is not setting the container to privileged correctly. Even though I have --allow-privileged=true set for my apiserver, and the below snippet from my ReplicationController:
spec:
  containers:
  - name: oracledb
    image: bradams/devops:oracle-test
    privileged: true
Not sure what else I should be doing here.
Correct syntax is:
spec:
  containers:
  - name: oracledb
    image: bradams/devops:oracle-test
    securityContext:
      privileged: true
You are missing nesting under securityContext. This changed between v1beta3 and v1, and is documented here: http://kubernetes.io/v1.0/docs/api.html#v1-conversion-tips-from-v1beta3
If you try creating your pod using kubectl create --validate=true ... then I think this problem would be caught, with an error message.
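A pre-deploy check for the field placement discussed above, added here as an example and not part of the original question or answer. It reports containers that carry privileged directly on the container (the location used in the question) and containers that are actually privileged through securityContext. It assumes the manifest is supplied as JSON so only the standard library is needed; the function names, the metadata and the second container are constructed for illustration.

```python
import json

def pod_specs(obj):
    """Yield (path, podSpec) for a bare Pod or a controller with spec.template."""
    spec = obj.get("spec", {})
    if "template" in spec:                      # ReplicationController and similar
        yield "spec.template.spec", spec["template"].get("spec", {})
    else:                                       # bare Pod
        yield "spec", spec

def check_privileged(manifest):
    """Return a list of (container_path, status) findings.

    status is "misplaced" when `privileged` sits directly on the container
    (the v1beta3-style location used in the question's manifest) and
    "privileged" when securityContext.privileged is true (the v1 location).
    """
    findings = []
    for path, spec in pod_specs(manifest):
        for i, c in enumerate(spec.get("containers", [])):
            where = f"{path}.containers[{i}] ({c.get('name', '?')})"
            if "privileged" in c:
                findings.append((where, "misplaced"))
            if (c.get("securityContext") or {}).get("privileged") is True:
                findings.append((where, "privileged"))
    return findings

# Constructed sample: the question's container with the misplaced field,
# next to the corrected form from the answer (second container is hypothetical).
SAMPLE = json.loads("""
{"kind": "ReplicationController", "apiVersion": "v1",
 "metadata": {"name": "oracledb"},
 "spec": {"replicas": 1, "template": {"spec": {"containers": [
   {"name": "oracledb", "image": "bradams/devops:oracle-test",
    "privileged": true},
   {"name": "oracledb-fixed", "image": "bradams/devops:oracle-test",
    "securityContext": {"privileged": true}}
 ]}}}}
""")

if __name__ == "__main__":
    for where, status in check_privileged(SAMPLE):
        print(f"{status:10} {where}")
```

The "privileged" findings double as an inventory of containers that will run privileged, which is worth reviewing before enabling --allow-privileged=true on a cluster.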