In some cases you will need to create a service account with root support to enable a container to run with root privileges.
Create a Service Account
For example, Apache deployment may fail because of a permissions issue.
This can be resolved by creating a new service account and associating it with the
anyuid security context. You will need admin privileges to do that.
$ oc login -u system:admin $ oc create serviceaccount apache-account $ oc adm policy add-scc-to-user anyuid -z apache-account
As the developer user, update the deployment configuration to use the newly created service account.
$ oc login -u developer $ oc edit dc/apache
Update the deployment configuration resource responsible for managing the apache deployment to use the newly created service account:
spec: template: spec: serviceAccountName: apache-account
The configuration change will trigger a new Apache deployment resulting in a running pod.