On Tue, Jul 25, 2017 at 9:02 AM, Pri <[email protected]> wrote:
> Hi Paul,
>
> I can't understand this step, apologies:
>
> - From there you need to set the SecurityContext field in your container
> spec which is in the pod spec.
>
> Do you mean we deploy the image and then edit the pod spec?
>
> To deploy the image I am using "oc new-app <image-name>", this creates a
> deploymentconfig and pod. So you are saying to edit the pod spec after this
> step?
>

Yes, if you already have the deployment config from new-app then you may edit the spec in the DC and redeploy.

>
> Thanks again!
>
> On Tue, Jul 25, 2017 at 6:26 PM, Paul Weil <[email protected]> wrote:
>
>>
>>
>> On Tue, Jul 25, 2017 at 8:49 AM, Pri <[email protected]>
>> wrote:
>>
>>> Hi Paul,
>>>
>>> Thanks for the response. I need to run privileged containers using root
>>> user, so as per your mail I did
>>>
>>> 1) oc adm policy add-scc-to-user privileged root
>>>
>>
>> This is incorrect, the grant needs to be to a service account in your
>> project. From the comment below it looks like you'll be using the
>> "default" service account (which is used when no SA is specified) so the
>> command that should be executed as a cluster admin user from within the
>> project in question is:
>>
>> oc adm policy add-scc-to-user privileged -z default
>>
>> You should then be able to do an oc get scc privileged -o yaml and see
>> your service account in the form of "system:serviceaccount:<your
>> project>:default".
>>
>> From there you need to set the SecurityContext field in your container
>> spec which is in the pod spec.
>>
>> Since the privileged SCC uses the RunAsAny user strategy it will run with
>> whatever UID is specified in the docker file. If nothing is set it should
>> run as root so you shouldn't have to set anything special there. If a user
>> is set then set the RunAsUser field in the same SecurityContext that you
>> set privileged.
>>
>>
>>>
>>> 2) I have the below service accounts in my project, not sure where to set
>>> the SecurityContext field
>>> builder
>>> default
>>> deployer
>>>
>>> Could you please help?
>>> Thanks a lot!
>>>
>>> On Tue, Jul 25, 2017 at 6:07 PM, Paul Weil <[email protected]> wrote:
>>>
>>>> You need to both grant access to the privileged SCC
>>>> <https://docs.openshift.org/latest/admin_guide/manage_scc.html#grant-access-to-the-privileged-scc>
>>>> to the service account running the pod and set the
>>>> SecurityContext.Privileged field to true
>>>> <https://docs.openshift.org/latest/rest_api/kubernetes_v1.html#v1-securitycontext>
>>>> .
>>>>
>>>> Thanks!
>>>>
>>>> Paul
>>>>
>>>> On Tue, Jul 25, 2017 at 8:31 AM, Pri <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Is there a way we can run docker images on openshift with
>>>>> "--privileged" mode?
>>>>>
>>>>> Something like we do while running any docker image such as:
>>>>>
>>>>> docker run --privileged <image-name> <command>
>>>>>
>>>>>
>>>>> I tried editing the privileged scc but that doesn't work for me. Could you
>>>>> please help if it's possible?
>>>>>
>>>>> Thanks,
>>>>> Priy
>>>>>
>>>>> _______________________________________________
>>>>> dev mailing list
>>>>> [email protected]
>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
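Where the SecurityContext field discussed in the thread sits inside a DeploymentConfig created by "oc new-app", shown as an added example that is not part of the original messages. The name "myapp", the image placeholder and the commented runAsUser value are assumptions for illustration.

```yaml
# Added illustration, not from the thread. "myapp" is a placeholder name.
# Prerequisite from the thread, run as cluster admin inside the project:
#   oc adm policy add-scc-to-user privileged -z default
# Then open the DC for editing (oc edit dc/myapp) and set the fields below.
kind: DeploymentConfig
metadata:
  name: myapp
spec:
  replicas: 1
  selector:
    app: myapp
  template:                       # pod template
    metadata:
      labels:
        app: myapp
    spec:                         # pod spec
      # serviceAccountName is left unset, so the pod runs as the "default"
      # service account, the one granted the privileged SCC above.
      containers:
      - name: myapp
        image: <image-name>
        securityContext:          # container-level SecurityContext
          privileged: true
          # Only needed when the image sets a non-root USER
          # (assumption here: root is wanted, as asked in the thread):
          # runAsUser: 0
  triggers:
  - type: ConfigChange            # saving a template change rolls out a new deployment
```

Without a ConfigChange trigger, "oc rollout latest dc/myapp" starts the redeploy. Once the new pod is running, "oc get pod <pod-name> -o yaml" shows an "openshift.io/scc" annotation naming the SCC that admitted it, which confirms the pod was validated against privileged.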
