Thanks Paul, it works :)

On Tue, Jul 25, 2017 at 6:40 PM, Paul Weil <[email protected]> wrote:

> On Tue, Jul 25, 2017 at 9:02 AM, Pri <[email protected]> wrote:
>
>> Hi Paul,
>>
>> I can't understand this step, apologies:
>>
>> - From there you need to set the SecurityContext field in your container
>> spec which is in the pod spec.
>>
>> Do you mean we deploy the image and then edit the pod spec?
>>
>> to deploy the image I am using "oc new-app <image-name>", this creates a
>> deploymentconfig and pod. So you are saying to edit the pod spec after this
>> step?
>
> Yes, if you already have the deployment config from new-app then you may
> edit the spec in the DC and redeploy.
>
>> Thanks again!
>>
>> On Tue, Jul 25, 2017 at 6:26 PM, Paul Weil <[email protected]> wrote:
>>
>>> On Tue, Jul 25, 2017 at 8:49 AM, Pri <[email protected]>
>>> wrote:
>>>
>>>> Hi Paul,
>>>>
>>>> thanks for the response. I need to run privileged containers using root
>>>> user, so as per your mail I did
>>>>
>>>> 1) oc adm policy add-scc-to-user privileged root
>>>
>>> This is incorrect, the grant needs to be to a service account in your
>>> project. From the comment below it looks like you'll be using the
>>> "default" service account (which is used when no SA is specified) so the
>>> command that should be executed as a cluster admin user from within the
>>> project in question is:
>>>
>>> oc adm policy add-scc-to-user privileged -z default
>>>
>>> You should then be able to do an oc get scc privileged -o yaml and see
>>> your service account in the form of "system:serviceaccount:<your
>>> project>:default".
>>>
>>> From there you need to set the SecurityContext field in your container
>>> spec which is in the pod spec.
>>>
>>> Since the privileged SCC uses the RunAsAny user strategy it will run
>>> with whatever UID is specified in the docker file. If nothing is set it
>>> should run as root so you shouldn't have to set anything special there. If
>>> a user is set then set the RunAsUser field in the same SecurityContext that
>>> you set privileged.
>>>
>>>> 2) I have below service account in my project, not sure where to set
>>>> the SecurityContext field
>>>> builder
>>>> default
>>>> deployer
>>>>
>>>> could you please help?
>>>> thanks a lot!
>>>>
>>>> On Tue, Jul 25, 2017 at 6:07 PM, Paul Weil <[email protected]> wrote:
>>>>
>>>>> You need to both grant access to the privileged SCC
>>>>> <https://docs.openshift.org/latest/admin_guide/manage_scc.html#grant-access-to-the-privileged-scc>
>>>>> to the service account running the pod and set the
>>>>> SecurityContext.Privileged field to true
>>>>> <https://docs.openshift.org/latest/rest_api/kubernetes_v1.html#v1-securitycontext>.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Paul
>>>>>
>>>>> On Tue, Jul 25, 2017 at 8:31 AM, Pri <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Is there a way we can run docker images on openshift with
>>>>>> "--privileged" mode?
>>>>>>
>>>>>> Something like we do while running any docker image such as:
>>>>>>
>>>>>> docker run --privileged <image-name> <command>
>>>>>>
>>>>>> I tried editing privileged scc but that doesn't work for me. Could
>>>>>> you please help if it's possible?
>>>>>>
>>>>>> Thanks,
>>>>>> Priy
>>>>>>
>>>>>> _______________________________________________
>>>>>> dev mailing list
>>>>>> [email protected]
>>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
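The two conditions discussed in this thread (the pod's service account is granted the privileged SCC, and the container spec inside the DC sets securityContext.privileged) can be checked offline over `oc ... -o json` output. This is an added example, not code from the thread or from OpenShift; the project `myproject`, the DC `myapp` and both sample objects are constructed, and the group check assumes the standard service-account groups.

```python
import json

# Constructed samples, trimmed to the fields read below; shapes follow
# `oc get scc privileged -o json` and `oc get dc <name> -o json`.
SCC = json.loads("""{
  "metadata": {"name": "privileged"},
  "groups": ["system:cluster-admins", "system:nodes"],
  "users": ["system:admin", "system:serviceaccount:myproject:default"]
}""")
DC = json.loads("""{
  "metadata": {"name": "myapp", "namespace": "myproject"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "myapp", "securityContext": {"privileged": true}},
    {"name": "sidecar"}
  ]}}}
}""")

def sa_subject(dc):
    # SCC subject for the pod's service account; "default" when none is named.
    pod = dc["spec"]["template"]["spec"]
    sa = pod.get("serviceAccountName") or pod.get("serviceAccount") or "default"
    return "system:serviceaccount:%s:%s" % (dc["metadata"]["namespace"], sa)

def scc_granted(scc, subject):
    # Granted if listed under users, or via a group every SA in the namespace has
    # (assumption: the standard system:serviceaccounts groups).
    ns = subject.split(":")[2]
    sa_groups = {"system:serviceaccounts", "system:serviceaccounts:" + ns}
    return (subject in (scc.get("users") or [])
            or bool(sa_groups & set(scc.get("groups") or [])))

def privileged_containers(dc):
    # Containers whose own securityContext sets privileged: true.
    return [c["name"] for c in dc["spec"]["template"]["spec"]["containers"]
            if (c.get("securityContext") or {}).get("privileged") is True]

def check(scc, dc):
    subject = sa_subject(dc)
    return {"subject": subject, "granted": scc_granted(scc, subject),
            "privileged": privileged_containers(dc)}

if __name__ == "__main__":
    print(check(SCC, DC))
```

A grant made to a plain user name such as `root` leaves `granted` false for the pod, because the subject that is matched is the service account.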
