OpenShift: Create a Service Account

In some cases you will need to create a service account with root support to enable a container to run with root privileges.

Create a Service Account

For example, Apache deployment may fail because of a permissions issue.

This can be resolved by creating a new service account and associating it with the anyuid security context. You will need admin privileges to do that.

$ oc login -u system:admin
$ oc create serviceaccount apache-account
$ oc adm policy add-scc-to-user anyuid -z apache-account

As the developer user, update the deployment configuration to use the newly created service account.

$ oc login -u developer
$ oc edit dc/apache

Update the deployment configuration resource responsible for managing the apache deployment to use the newly created service account:

spec:
  template:
    spec:
      serviceAccountName: apache-account

The configuration change will trigger a new Apache deployment resulting in a running pod.

Leave a Reply

Your email address will not be published.