Openshift：无法针对任何安全>上下文约束进行验证

我尝试创建以下statefulSet:

apiVersion: apps/v1
kind: StatefulSet
metadata:
name: es-cluster
namespace: efk
spec:
serviceName: elasticsearch
replicas: 3
selector:
matchLabels:
app: elasticsearch
template:
metadata:
labels:
app: elasticsearch
spec:
containers:
- name: elasticsearch
image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.2.0
resources:
limits:
cpu: 1000m
requests:
cpu: 100m
ports:
- containerPort: 9200
name: rest
protocol: TCP
- containerPort: 9300
name: inter-node
protocol: TCP
volumeMounts:
- name: data
mountPath: /usr/share/elasticsearch/data
env:
- name: cluster.name
value: k8s-logs
- name: node.name
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: discovery.zen.ping.unicast.hosts
value: "es-cluster-0.elasticsearch,es-cluster-1.elasticsearch,es-cluster-2.elasticsearch"
- name: discovery.zen.minimum_master_nodes
value: "2"
- name: ES_JAVA_OPTS
value: "-Xms256m -Xmx256m"
initContainers:
- name: fix-permissions
image: busybox
command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
securityContext:
privileged: true
volumeMounts:
- name: data
mountPath: /usr/share/elasticsearch/data
- name: increase-vm-max-map
image: busybox
command: ["sysctl", "-w", "vm.max_map_count=262144"]
securityContext:
privileged: true
- name: increase-fd-ulimit
image: busybox
command: ["sh", "-c", "ulimit -n 65536"]
securityContext:
privileged: true
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "pv0002"
resources:
requests:
storage: 100Mi

不幸的是，我遇到了以下异常，我似乎无法解决：

在StatefulSet es集群中创建Pod es-cluster-0失败错误：pods"es-cluster-0"被禁止：无法根据任何安全性进行验证上下文约束：[spec.initContainers[0].securityContext.privieged:无效值：true:不允许使用特权容器spec.ini容器[1].securityContext.privieged:无效值：true:不允许使用特权容器spec.ini容器[2].securityContext.privieged:无效值：true:不允许使用特权容器]

我添加了：

oc adm policy add-scc-to-user privileged developer

不确定我还应该检查什么，我希望它能起作用。

注意：我在Mac OSX上本地使用CRC。https://github.com/code-ready/crc

编辑，我太过火了，添加了所有可能的用户，想到：

oc describe scc 
Name:                                           privileged
Priority:                                       <none>
Access:                                         
Users:                                        system:admin,system:serviceaccount:openshift-infra:build-controller,developer,deployer,default,builder,statefulset-controller
Groups:                                       system:cluster-admins,system:nodes,system:masters
Settings:                                       
Allow Privileged:                             true
Allow Privilege Escalation:                   true
Default Add Capabilities:                     <none>
Required Drop Capabilities:                   <none>
Allowed Capabilities:                         *
Allowed Seccomp Profiles:                     *
Allowed Volume Types:                         *
Allowed Flexvolumes:                          <all>
Allowed Unsafe Sysctls:                       *
Forbidden Sysctls:                            <none>
Allow Host Network:                           true
Allow Host Ports:                             true
Allow Host PID:                               true
Allow Host IPC:                               true
Read Only Root Filesystem:                    false
Run As User Strategy: RunAsAny                
UID:                                        <none>
UID Range Min:                              <none>
UID Range Max:                              <none>
SELinux Context Strategy: RunAsAny            
User:                                       <none>
Role:                                       <none>
Type:                                       <none>
Level:                                      <none>
FSGroup Strategy: RunAsAny                    
Ranges:                                     <none>
Supplemental Groups Strategy: RunAsAny        
Ranges:                                     <none>

相同的错误wtf。。。