The file mode is 400, and I think anyuid breaks reading it since the user
changes.

https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_web_console/files/console-template.yaml#L90

The console doesn't need anyuid... I'm not sure what's adding it.

Sam

On Thu, May 17, 2018 at 9:03 AM, Clayton Coleman <ccole...@redhat.com>
wrote:

> anyuid is less restrictive than restricted, unless you customized
> restricted. Did you customize restricted?
>
> On May 17, 2018, at 8:56 AM, Charles Moulliard <cmoul...@redhat.com>
> wrote:
>
> Hi,
>
> If we scale down/up the Replication Set of the OpenShift Web Console, then
> the new pod created will crash and report
>
> "Error: unable to load server certificate: open /var/serving-cert/tls.crt:
> permission denied"
>
> This problem comes from the fact that when the pod is recreated, then the
> scc annotation is set to anyuid instead of restricted and then the pod
> can't access the cert
>
> apiVersion: v1
> kind: Pod
> metadata:
>   annotations:
>     openshift.io/scc: anyuid
>
> Has this bug been fixed for OpenShift 3.9? Is there a workaround to
> resolve it? Otherwise we can't access the Web Console anymore.
>
> Regards
>
> CHARLES MOULLIARD
>
> SOFTWARE ENGINEER MANAGER SPRING(BOOT)
>
> Red Hat <https://www.redhat.com/>
>
> cmoulli...@redhat.com    M: +32-473-604014
> <https://red.ht/sig>
> @cmoulliard <https://twitter.com/cmoulliard>
>
> _______________________________________________
> dev mailing list
> dev@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

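A check for the condition described in this thread, as an added example that is not part of the original messages or of the OpenShift project's code: it takes the parsed output of `oc get pods -o json` and reports pods whose `openshift.io/scc` annotation differs from the expected SCC while they mount a secret volume with an owner-only mode such as 0400. The pod, container and secret names, the sample data and the function names are constructed for illustration; the expected SCC `restricted` and the mount path come from the thread.

```python
SCC_ANNOTATION = "openshift.io/scc"

def owner_only_secret_mounts(pod):
    """Mount paths of secret volumes whose defaultMode has no group/other bits."""
    spec = pod.get("spec", {})
    strict = set()
    for vol in spec.get("volumes", []):
        secret = vol.get("secret")
        # JSON output lists modes in decimal (0400 is 256); an omitted
        # defaultMode means the Kubernetes default of 0644.
        if secret is not None and secret.get("defaultMode", 0o644) & 0o077 == 0:
            strict.add(vol["name"])
    return sorted({m["mountPath"]
                   for c in spec.get("containers", [])
                   for m in c.get("volumeMounts", [])
                   if m["name"] in strict})

def find_scc_drift(pod_list, expected_scc="restricted"):
    """Return (pod name, admitted SCC, owner-only secret mounts) for each pod
    admitted under an SCC other than the expected one."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        scc = meta.get("annotations", {}).get(SCC_ANNOTATION)
        mounts = owner_only_secret_mounts(pod)
        if scc != expected_scc and mounts:
            findings.append((meta.get("name"), scc, mounts))
    return findings

def _sample_pod(name, scc, mode):
    # Constructed sample pod; every name here is a placeholder.
    return {"metadata": {"name": name, "annotations": {SCC_ANNOTATION: scc}},
            "spec": {"volumes": [{"name": "serving-cert",
                                  "secret": {"secretName": "example-serving-cert",
                                             "defaultMode": mode}}],
                     "containers": [{"name": "console",
                                     "volumeMounts": [{"name": "serving-cert",
                                                       "mountPath": "/var/serving-cert"}]}]}}

SAMPLE = {"items": [_sample_pod("console-a", "anyuid", 256),      # 0400, drifted SCC
                    _sample_pod("console-b", "restricted", 256),  # 0400, expected SCC
                    _sample_pod("console-c", "anyuid", 420)]}     # 0644, readable by any UID

if __name__ == "__main__":
    for name, scc, mounts in find_scc_drift(SAMPLE):
        print(f"{name}: admitted under {scc!r}, owner-only secret mounts: {mounts}")
```

Against a live cluster, pass `json.load()` of the `oc get pods -o json` output to `find_scc_drift` in place of `SAMPLE`.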