anyuid is less restrictive than restricted, unless you customized
restricted.  Did youvustomize restricted?

On May 17, 2018, at 8:56 AM, Charles Moulliard <cmoul...@redhat.com> wrote:

Hi,

If we scale down/up the Replication Set of the OpenShift Web Console, then
the new pod created will crash and report

"Error: unable to load server certificate: open /var/serving-cert/tls.crt:
permission denied"

This problem comes from the fact that when the pod is recreated, then the
scc annotation is set to anyuid instead of restricted and then the pod
can't access the cert

apiVersion: v1
kind: Pod
metadata:
  annotations:
    openshift.io/scc: anyuid

Is this bug been fixed for openshift 3.9 ? Is there a workaround to resolve
it otherwise we can't access anymore the Web Console ?

Regards

CHARLES MOULLIARD

SOFTWARE ENGINEER MANAGER SPRING(BOOT)

Red Hat <https://www.redhat.com/>

cmoulli...@redhat.com    M: +32-473-604014
<https://red.ht/sig>
@cmoulliard <https://twitter.com/cmoulliard>

_______________________________________________
dev mailing list
dev@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
_______________________________________________
dev mailing list
dev@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

Reply via email to