标签：usable managed serviceaccount Forbidden enabled instance user provider privilege

reference

https://docs.microsoft.com/en-us/azure/azure-arc/data/create-sql-managed-instance-using-kubernetes-native-tools

issue encountered:

• failed to create resource and error msg like below

FailedCreate replicaset/bootstrapper-796c4c67db Error creating: pods 'bootstrapper-796c4c67db-' is forbidden: unable to validate against any security context constraint: [provider 'anyuid': Forbidden: not usable by user or serviceaccount, provider restricted: .spec.securityContext.fsGroup: Invalid value: []int64{1000700001}: 1000700001 is not an allowed group, spec.containers[0].securityContext.runAsUser: Invalid value: 1000700001: must be in the ranges: [1000690000, 1000699999], provider 'nonroot': Forbidden: not usable by user or serviceaccount, provider 'hostmount-anyuid': Forbidden: not usable by user or serviceaccount, provider 'machine-api-termination-handler': Forbidden: not usable by user or serviceaccount, provider 'hostnetwork': Forbidden: not usable by user or serviceaccount, provider 'hostaccess': Forbidden: not usable by user or serviceaccount, provider 'kube-aad-proxy-scc': Forbidden: not usable by user or serviceaccount, provider 'node-exporter': Forbidden: not usable by user or serviceaccount, provider 'privileged': Forbidden: not usable by user or serviceaccount, provider 'privileged-genevalogging': Forbidden: not usable by user or serviceaccount]

resolution:

You created custom SCC with the service account and you were able to deploy data controller and arc SQL MI

oc adm policy add-scc-to-user privileged system:serviceaccount:arcdataservices:default
oc adm policy add-scc-to-user privileged system:serviceaccount:arcdataservices:sa-arc-metricsdc-reader”

标签：usable,managed,serviceaccount,Forbidden,enabled,instance,user,provider,privilege
来源： https://www.cnblogs.com/aboa/p/16399527.html

本站声明： 1. iCode9 技术分享网（下文简称本站）提供的所有内容，仅供技术学习、探讨和分享；
2. 关于本站的所有留言、评论、转载及引用，纯属内容发起人的个人观点，与本站观点和立场无关；
3. 关于本站的所有言论和文字，纯属内容发起人的个人观点，与本站观点和立场无关；
4. 本站文章均是网友提供，不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属；如您发现该文章侵犯了您的权益，可联系我们第一时间进行删除；
5. 本站为非盈利性的个人网站，所有内容不会用来进行牟利，也不会利用任何形式的广告来间接获益，纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。