I think most teams at the Brno F2F were struggling with this. It works locally, but semi-obscure failures when pushed 'live'. And out of the 30 RH engineers there, none knew 100% or was able to dig up a doc that explained why and how to fix it...
This is/will be a massive pain point moving from Dev to Production. The very least we need some very clear, simple guides on how to make it work. -aslak- On Wed, May 18, 2016 at 1:10 PM, Clayton Coleman <[email protected]> wrote: > It was a deliberate choice, predicated on other changes coming to > Docker (user namespaces) plus the desire to ensure demos run. > > Ultimately, the CDK is a playground. Putting up chain link fences > around the playground sends the wrong message. > > I'd prefer to have it easier to go between the levels in the short > term than to ratchet it back. > > > On May 17, 2016, at 11:27 PM, Dusty Mabe <[email protected]> wrote: > > > > > > Currently we are configuring openshift in the CDK/ADB to be more > > permissive than it should be when running containers. > > > > At [1] we are setting: > > > > oadm policy add-scc-to-group anyuid system:authenticated > > > > From my experiments this means that containers run as anyuid and thus > > can be root, cc clayton for confirmation. > > > > What this means is that we are misleading users to thinking things > > will run in production OpenShift, when the production OpenShift most > > likely won't have things configured this way. > > > > We should probably not be doing this. Reverting this change will also > > mean that proposed demos, etc.. should be retested on the newer version > > meticulously. > > > > Dusty > > > > [1] > https://github.com/projectatomic/adb-utils/blob/01adadd904dea98033c9c83d0648d90f5e8f2806/services/openshift/scripts/openshift_provision#L47 > > _______________________________________________ > Devtools mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/devtools >
_______________________________________________ Container-tools mailing list [email protected] https://www.redhat.com/mailman/listinfo/container-tools
