thoughts ?
Thanks !
On Wed, May 23, 2018 at 11:18 PM, Daniel Comnea
wrote:
> I see the rational, thank you for quick response and knowledge.
>
> On Wed, May 23, 2018 at 10:59 PM, Jordan Liggitt
> wrote:
>
>> By making your SCC available to all authenticated users, it get
By making your SCC available to all authenticated users, it gets added to
the set considered for every pod run by every service account:
users:
- system:serviceaccount:foo:foo-sa
groups:
- system:authenticated
If you want to limit it to just your foo-sa service account, you should
remove the
> On Dec 19, 2017, at 1:49 AM, Weiwei Jiang wrote:
>
> But the scc is trying to verify the creater account(you can see this with
> audit enabled), and should be daemonset-controller or something like this but
> not the given serviceaccount).
That's not accurate. You can give
You likely want to specify sAMAccountName as the preferred username
attribute. Note that this would only apply to new users. Existing users
would retain their long username.
On Sep 18, 2017, at 11:07 PM, Tran Tien Dung wrote:
Hi everyone,
I user LDAP to login openshift,
> Why does separate dns server need? Could kube-dns be used?
kube-dns is actually a separate dns server as well. Openshift's DNS
implementation resolves some of the scalability issues kube-dns has and is
preferred
On Jul 13, 2017, at 6:20 AM, Haoran Wang wrote:
Hi,
1. when
yscorp> [image: Grey_GP]
>> <https://plus.google.com/+UnisysCorp/posts>[image: Grey_YT]
>> <http://www.youtube.com/theunisyschannel>[image: Grey_FB]
>> <http://www.facebook.com/unisyscorp>[image: Grey_Vimeo]
>> <https://vimeo.com/unisys>[image: Grey_UB] &l
com/company/unisys> [image:
> Grey_TW] <http://twitter.com/unisyscorp> [image: Grey_GP]
> <https://plus.google.com/+UnisysCorp/posts>[image: Grey_YT]
> <http://www.youtube.com/theunisyschannel>[image: Grey_FB]
> <http://www.facebook.com/unisyscorp>[image: Grey_Vime
inkedin.com/company/unisys> [image:
> Grey_TW] <http://twitter.com/unisyscorp> [image: Grey_GP]
> <https://plus.google.com/+UnisysCorp/posts>[image: Grey_YT]
> <http://www.youtube.com/theunisyschannel>[image: Grey_FB]
> <http://www.facebook.com/unisyscorp>[image
On Wed, Jul 12, 2017 at 10:41 PM, Werner, Mark
wrote:
> I am wondering why, if I perform a “oc get identity” that the only
> identity that is returned is allow_all? If I changed the master-config.yaml
> file to only have the Identity Provider
document which explains?
>
>
>
>
>
> --
>
> *Srinivas Kotaru*
>
>
>
> *From: *Jordan Liggitt <jligg...@redhat.com>
> *Date: *Thursday, February 9, 2017 at 1:57 PM
> *To: *Srinivas Naga Kotaru <skot...@cisco.com>
> *Cc: *dev <dev@lists.openshift.redhat.com&g
Also, the security issue with kube 1.5 was an issue with authorization
related to authenticated/anonymous users. Because OpenShift has always
distinguished between those types of users in authentication and
authorization, the issue does not affect OpenShift.
On Tue, Jan 3, 2017 at 2:13 PM, Marky
Passing `--loglevel=5` to `openshift start master` prints verbose logs
On Thu, Dec 22, 2016 at 9:42 AM, Pri wrote:
> Hi,
>
> Is there a way we can enable DEBUG logs for openshift master, may be by
> editing master-config.yaml. Please let me know if its possible?
>
; cae-ops-token-jdhezkubernetes.io/service-account-token
> 3 1h
>
>
>
> 1st token being used for Docker. Was wondering about other 2 tokens.
>
>
>
> --
>
> *Srinivas Kotaru*
>
>
>
> *From: *Jordan Liggitt <jligg...@redhat.com>
> *Date:
What setup method did you use? Check your
/etc/origin/master/master-config.yaml to see if it contains a
"disabledFeatures" field that includes "Builder".
On Fri, Nov 18, 2016 at 12:28 AM, irvan hendrik
wrote:
> Hi,
> I am completely new with OpenShift and docker. I
Are you seeing this from a system where you previously logged in to that
URL using oc with the non-prod CA bundle? When configured to use a
non-system-roots ca bundle, oc remembers it in the local user's kubeconfig
file ($KUBECONFIG or ~/.kube/config).
Try moving (or removing) the kubeconfig file
ing. Project scoped ones usually used.
>
> Most resources in openstack is bound to the project and not the user, so
> hence the need for scoped tokens.
>
> Thanks,
> Kevin
> ------
> *From:* Jordan Liggitt [jligg...@redhat.com]
> *Sent:* Thursday, Apri
vin@pnnl.gov> wrote:
> keystone v3 renamed tenant to project. Otherwise, should be the same.
>
> Thanks,
> Kevin
>
>
> --
> *From:* dev-boun...@lists.openshift.redhat.com [
> dev-boun...@lists.openshift.redhat.com] on behalf of Jordan Liggitt
The OpenShift Keystone IDP integration only supports the v3 Keystone API. I
don't see any discussion of tenants in the doc for that API (
http://developer.openstack.org/api-ref-identity-v3.html)
On Thu, Apr 14, 2016 at 12:06 PM, Chmouel Boudjnah
wrote:
> Hello,
>
> I was
18 matches
Mail list logo