Re: Custom SCC assigned to wrong pods

2018-06-18 Thread Jordan Liggitt
thoughts? Thanks! On Wed, May 23, 2018 at 11:18 PM, Daniel Comnea wrote: > I see the rationale, thank you for quick response and knowledge. > > On Wed, May 23, 2018 at 10:59 PM, Jordan Liggitt > wrote: > >> By making your SCC available to all authenticated users, it get

Re: Custom SCC assigned to wrong pods

2018-05-23 Thread Jordan Liggitt
By making your SCC available to all authenticated users, it gets added to the set considered for every pod run by every service account:

    users:
    - system:serviceaccount:foo:foo-sa
    groups:
    - system:authenticated

If you want to limit it to just your foo-sa service account, you should remove the

Re: SCC privileged not applying

2017-12-19 Thread Jordan Liggitt
> On Dec 19, 2017, at 1:49 AM, Weiwei Jiang wrote: > > But the scc is trying to verify the creator account(you can see this with > audit enabled), and should be daemonset-controller or something like this but > not the given serviceaccount). That's not accurate. You can give

Re: add role for LDAP user with short name

2017-09-18 Thread Jordan Liggitt
You likely want to specify sAMAccountName as the preferred username attribute. Note that this would only apply to new users. Existing users would retain their long username. On Sep 18, 2017, at 11:07 PM, Tran Tien Dung wrote: Hi everyone, I use LDAP to log in to OpenShift,

Re: Why openshift requires DNS server

2017-07-13 Thread Jordan Liggitt
> Why does separate dns server need? Could kube-dns be used? kube-dns is actually a separate dns server as well. Openshift's DNS implementation resolves some of the scalability issues kube-dns has and is preferred On Jul 13, 2017, at 6:20 AM, Haoran Wang wrote: Hi, 1. when

Re: OpenShift Origin Active Directory Authentication

2017-07-12 Thread Jordan Liggitt

Re: OpenShift Origin Active Directory Authentication

2017-07-12 Thread Jordan Liggitt

Re: OpenShift Origin Active Directory Authentication

2017-07-12 Thread Jordan Liggitt

Re: OpenShift Origin Active Directory Authentication

2017-07-12 Thread Jordan Liggitt
On Wed, Jul 12, 2017 at 10:41 PM, Werner, Mark wrote: > I am wondering why, if I perform a “oc get identity” that the only > identity that is returned is allow_all? If I changed the master-config.yaml > file to only have the Identity Provider

Re: API health or status page

2017-02-09 Thread Jordan Liggitt
document which explains? > > > > > > -- > > *Srinivas Kotaru* > > > > *From: *Jordan Liggitt <jligg...@redhat.com> > *Date: *Thursday, February 9, 2017 at 1:57 PM > *To: *Srinivas Naga Kotaru <skot...@cisco.com> > *Cc: *dev <dev@lists.openshift.redhat.com>

Re: Upstream PRs to Origin are on hold pending the rebase

2017-01-03 Thread Jordan Liggitt
Also, the security issue with kube 1.5 was an issue with authorization related to authenticated/anonymous users. Because OpenShift has always distinguished between those types of users in authentication and authorization, the issue does not affect OpenShift. On Tue, Jan 3, 2017 at 2:13 PM, Marky

Re: enable logs for openshift master

2016-12-22 Thread Jordan Liggitt
Passing `--loglevel=5` to `openshift start master` prints verbose logs. On Thu, Dec 22, 2016 at 9:42 AM, Pri wrote: > Hi, > > Is there a way we can enable DEBUG logs for openshift master, maybe by > editing master-config.yaml. Please let me know if it's possible? >

Re: cluster wide service acount

2016-12-01 Thread Jordan Liggitt
; cae-ops-token-jdhezkubernetes.io/service-account-token > 3 1h > > > > 1st token being used for Docker. Was wondering about other 2 tokens. > > > > -- > > *Srinivas Kotaru* > > > > *From: *Jordan Liggitt <jligg...@redhat.com> > *Date:

Re: The API version v1 for kind BuildConfig is not supported by this server.

2016-11-17 Thread Jordan Liggitt
What setup method did you use? Check your /etc/origin/master/master-config.yaml to see if it contains a "disabledFeatures" field that includes "Builder". On Fri, Nov 18, 2016 at 12:28 AM, irvan hendrik wrote: > Hi, > I am completely new with OpenShift and docker. I

Re: namedCertificates not working

2016-11-15 Thread Jordan Liggitt
Are you seeing this from a system where you previously logged in to that URL using oc with the non-prod CA bundle? When configured to use a non-system-roots ca bundle, oc remembers it in the local user's kubeconfig file ($KUBECONFIG or ~/.kube/config). Try moving (or removing) the kubeconfig file

Re: keystonepasswd auth

2016-04-14 Thread Jordan Liggitt
ing. Project scoped ones usually used. > > Most resources in openstack is bound to the project and not the user, so > hence the need for scoped tokens. > > Thanks, > Kevin > ------ > *From:* Jordan Liggitt [jligg...@redhat.com] > *Sent:* Thursday, Apri

Re: keystonepasswd auth

2016-04-14 Thread Jordan Liggitt
vin@pnnl.gov> wrote: > keystone v3 renamed tenant to project. Otherwise, should be the same. > > Thanks, > Kevin > > > -- > *From:* dev-boun...@lists.openshift.redhat.com [ > dev-boun...@lists.openshift.redhat.com] on behalf of Jordan Liggitt

Re: keystonepasswd auth

2016-04-14 Thread Jordan Liggitt
The OpenShift Keystone IDP integration only supports the v3 Keystone API. I don't see any discussion of tenants in the doc for that API ( http://developer.openstack.org/api-ref-identity-v3.html) On Thu, Apr 14, 2016 at 12:06 PM, Chmouel Boudjnah wrote: > Hello, > > I was