Why do I need cluster admin permissions to create privileged containers in Docker EE

Article ID:360033328492

Issue

We use Docker EE to build Docker images in CloudBees Core. When using the Docker-in-Docker (DinD) approach described in the following document, we get the following error:

 Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods "pod-dind-XXXX" is forbidden: user "system:serviceaccount:namespace:username" is not an admin and does not have permissions to use privileged mode for resource.

Resolution

According to Docker EE documentation:

If a user without a cluster-admin role tries to deploy a pod with any of these privileged options, an error similar to the following example is displayed:

Error from server (Forbidden): error when creating "pod.yaml": pods "mypod" is forbidden: user "<user-id>" is not an admin and does not have permissions to use privileged mode for resource

You can check the details on this particular topic in the Docker EE Authorization documentation.

Once you grant the service account used by CloudBees Core the cluster-admin role, the issue is resolved and you will be able to create privileged pods without further errors.
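One way to grant that role, shown here as an added example that is not part of the original article or of the Docker EE documentation: a Kubernetes ClusterRoleBinding applied with kubectl through a UCP client bundle. The namespace `namespace` and service account `username` are the placeholders from the error message above; the binding name is an assumption.

```yaml
# Added example (not from the original article): bind the CloudBees Core
# service account to the built-in cluster-admin ClusterRole so that Docker EE's
# admission check allows it to create privileged (DinD) pods.
# Assumptions: "namespace" and "username" are the placeholders from the error
# message in the Issue section; replace them with your real values.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudbees-core-cluster-admin   # assumed name, choose your own
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: username        # service account used by CloudBees Core
    namespace: namespace  # namespace that service account lives in
```

Apply it with `kubectl apply -f` as a user who already holds cluster-admin, then re-run the DinD build to confirm the Forbidden error is gone. Because cluster-admin grants full control of the cluster, bind it only to the dedicated build service account rather than to a shared one.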

Tested product/plugin versions