mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-10-09 00:26:58 +00:00
59b1f4a12e
Automatic merge from submit-queue (batch tested with PRs 39394, 38270, 39473, 39516, 36243) Improve an error message when privileged containers are disallowed on the cluster **What this PR does / why we need it**: At present when user creates privileged pod and creation of privileged containers disallowed globally by a system administrator (kubelet and api-server were running with `--allow-privileged=false`), user will get the following error message: ```console $ kubectl create -f nginx.pod The Pod "nginx" is invalid: spec.containers[0].securityContext.privileged: Forbidden: disallowed by policy ``` "Disallowed by policy" may give a wrong assumption to a user that creation of privileged containers disallowed by [`PodSecurityPolicy`](http://kubernetes.io/docs/user-guide/pod-security-policy/) while it's not. This commit improves error message and tries to point user to the right direction: ```console $ kubectl create -f nginx.pod The Pod "nginx" is invalid: spec.containers[0].securityContext.privileged: Forbidden: privileged containers are disallowed on this cluster by a system administrator ``` **Release note**: ```release-note NONE ``` PTAL @pweil-