Docker Community Forums

Share and learn in the Docker community.

Kubernetes PodSecurityPolicies

Release notes should describe the new PodSecurityPolicies. After an upgrade from 3.1. existing Persistent volumes of type “hostPath”
and “Local Volume” will stay in pending status

root@cc1e8ef4b148:/ucp/workbench# kubectl get podsecuritypolicies -o wide
NAME           PRIV    CAPS   SELINUX    RUNASUSER   FSGROUP    SUPGROUP   READONLYROOTFS   VOLUMES
privileged     true    *      RunAsAny   RunAsAny    RunAsAny   RunAsAny   false            *
unprivileged   false          RunAsAny   RunAsAny    RunAsAny   RunAsAny   false            *

root@cc1e8ef4b148:/ucp/workbench# kubectl get persistentvolume mongo-vol-1 -o wide
NAME          CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS    CLAIM   STORAGECLASS   REASON   AGE
mongo-vol-1   1Gi        RWO            Retain           Pending           manual                  51m

Hi there, thanks for reporting this and we are aware of this issue.

Prior to Kube 1.14, could you let us know if you are trying local volumes while they were still in beta?

Hi, no I was using just hostPath volumes, when I noticed the issue with PodSecurityPolicies I tried to switch to Local Volumes.