Re: Deployment getting deleted when running configure.yml again
I presume you’re running OpenShift 3.7?

If you’re running the new template broker (openshift-ansible installs it), it has a nasty bug that does what you describe. But you can work around it by removing an owner reference, see:

https://lists.openshift.redhat.com/openshift-archives/users/2018-January/msg00045.html

On Tue, 30 Jan 2018 at 9:53 pm, Alon Zusman wrote:

> Hello,
> I have an OpenShift cluster with 3 masters, 3 infra, 3 nodes.
>
> I change the cluster configuration from time to time and whenever I run
> config.yml (after the first time) all the deployments that were created
> using a provisioned service are being deleted.
>
> That is a huge problem for me.
> Am I missing something? Should I be running a different playbook?
> Thank you.
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: Headless services without selectors are forbidden in OpenShift
You can grant the role to the user to let them set it. However, that lets that app escape any network isolation boundaries, so the multitenant network plugin won’t work. You can also grant that permission to all users if you don’t need the protection.

> On Jan 30, 2018, at 3:18 PM, Tomas Nozicka wrote:
>
> I need to direct Route/Service traffic from one namespace to another
> which I have permissions to. (Possibly even the same namespace as
> well.) Reading Kubernetes documentation[1] Services without selectors
> seem to be the way to do it. It requires you to set Endpoints manually
> (e.g. to Service or pod in another namespace) but OpenShift will forbid
> you from doing that.
>
> Error from server (Forbidden): error when creating "endpoints.yaml":
> endpoints "my-service" is forbidden: endpoint address 10.131.xxx.xxx is
> not allowed
>
> It requires you to have endpoints/restricted permission regular users
> don't have.
>
> Is that intentional? What are the reasons? (I think this is the place
> forbidding it [2].)
>
> How else can a regular user do this? (Except running "redirecting" pod
> which is fragile.)
>
> Thanks,
> Tomas
>
> [1] - https://kubernetes.io/docs/concepts/services-networking/service/#headless-services
> [2] - https://github.com/openshift/origin/blob/de21f148d1ca66ca2bfd201136c2e99ebda767e9/pkg/service/admission/endpoint_admission.go#L121
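
Added example, not part of the thread and not OpenShift's own code: a simplified Python model of the restricted-endpoints check discussed above, showing why the address in the error is rejected and why holding `endpoints/restricted` removes the isolation boundary. The CIDRs are assumed to be the OpenShift 3.x default pod and service networks; the function names and sample objects are constructed for illustration.

```python
import ipaddress

# Assumption: OpenShift 3.x default pod and service networks. Use the
# ranges from your own master configuration instead.
RESTRICTED_CIDRS = ["10.128.0.0/14", "172.30.0.0/16"]


def find_restricted_ip(endpoints, restricted_cidrs=RESTRICTED_CIDRS):
    """Return the first endpoint IP inside a restricted network, else None."""
    networks = [ipaddress.ip_network(c) for c in restricted_cidrs]
    for subset in endpoints.get("subsets") or []:
        # Modelling choice: not-ready addresses are checked as well.
        for key in ("addresses", "notReadyAddresses"):
            for addr in subset.get(key) or []:
                try:
                    ip = ipaddress.ip_address(addr.get("ip", ""))
                except ValueError:
                    continue  # not an IP literal, nothing to match
                if any(ip in net for net in networks):
                    return str(ip)
    return None


def admit(endpoints, can_create_restricted, restricted_cidrs=RESTRICTED_CIDRS):
    """Return (allowed, reason) for a manually created Endpoints object."""
    ip = find_restricted_ip(endpoints, restricted_cidrs)
    if ip is None:
        return True, "no address inside a restricted network"
    if can_create_restricted:
        # This is the isolation bypass the reply warns about.
        return True, f"{ip} admitted: requester holds endpoints/restricted"
    name = endpoints["metadata"]["name"]
    return False, (f'endpoints "{name}" is forbidden: '
                   f"endpoint address {ip} is not allowed")


# Constructed sample objects (addresses are illustrative).
POD_NETWORK_EP = {"metadata": {"name": "my-service"},
                  "subsets": [{"addresses": [{"ip": "10.131.0.15"}]}]}
EXTERNAL_EP = {"metadata": {"name": "external-db"},
               "subsets": [{"addresses": [{"ip": "192.0.2.10"}]}]}

if __name__ == "__main__":
    for ep, privileged in ((POD_NETWORK_EP, False), (POD_NETWORK_EP, True),
                           (EXTERNAL_EP, False)):
        print(ep["metadata"]["name"], privileged, admit(ep, privileged))
```

Endpoints that point outside the pod and service networks pass without the extra permission, which is why only cluster-internal targets need it.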
Headless services without selectors are forbidden in OpenShift
I need to direct Route/Service traffic from one namespace to another which I have permissions to. (Possibly even the same namespace as well.) Reading Kubernetes documentation[1] Services without selectors seem to be the way to do it. It requires you to set Endpoints manually (e.g. to Service or pod in another namespace) but OpenShift will forbid you from doing that.

Error from server (Forbidden): error when creating "endpoints.yaml": endpoints "my-service" is forbidden: endpoint address 10.131.xxx.xxx is not allowed

It requires you to have endpoints/restricted permission regular users don't have.

Is that intentional? What are the reasons? (I think this is the place forbidding it [2].)

How else can a regular user do this? (Except running "redirecting" pod which is fragile.)

Thanks,
Tomas

[1] - https://kubernetes.io/docs/concepts/services-networking/service/#headless-services
[2] - https://github.com/openshift/origin/blob/de21f148d1ca66ca2bfd201136c2e99ebda767e9/pkg/service/admission/endpoint_admission.go#L121
Re: hostPath not working for me
There is a dedicated SCC that allows access to hostPath -- "hostaccess". In this case, you won't need to modify "restricted" SCC.

Also, I see that you granted "anyuid" SCC to the user/SA. If you need to have both permissions (any uid and access to host), you can grant access to "hostmount-anyuid" SCC.

2018-01-30 12:42 GMT+01:00 Guillermo Gómez:

> Hi, I'm trying to use hostPath working on my v3 installation without luck
> so far.
>
> The error I have is
>
> --> FailedCreate: app1-6 Error creating: pods "app1-6-" is forbidden:
> unable to validate against any security context constraint: [provider
> anyuid: .spec.containers[0].securityContext.volumes[0]: Invalid value:
> "hostPath": hostPath volumes are not allowed to be used provider
> restricted: .spec.containers[0].securityContext.volumes[0]: Invalid
> value: "hostPath": hostPath volumes are not allowed to be used]
>
> Tried
>
> https://docs.openshift.org/3.6/admin_guide/manage_scc.html#use-the-hostpath-volume-plugin
>
> and still having the same error.
>
> What am I doing wrong?
>
> I'm in trouble with this setup and don't know what else to do, we want to
> keep Origin in our premises, please help.
>
> Guillermo Gómez Savino

-- Slava Semushin | OpenShift
hostPath not working for me
Hi, I'm trying to use hostPath working on my v3 installation without luck so far.

The error I have is

--> FailedCreate: app1-6 Error creating: pods "app1-6-" is forbidden: unable to validate against any security context constraint: [provider anyuid: .spec.containers[0].securityContext.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used provider restricted: .spec.containers[0].securityContext.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used]

Tried

https://docs.openshift.org/3.6/admin_guide/manage_scc.html#use-the-hostpath-volume-plugin

and still having the same error.

What am I doing wrong?

I'm in trouble with this setup and don't know what else to do, we want to keep Origin in our premises, please help.

Guillermo Gómez Savino
Deployment getting deleted when running configure.yml again
Hello,
I have an OpenShift cluster with 3 masters, 3 infra, 3 nodes.

I change the cluster configuration from time to time and whenever I run config.yml (after the first time) all the deployments that were created using a provisioned service are being deleted.

That is a huge problem for me.
Am I missing something? Should I be running a different playbook?
Thank you.