Re: Re: authentication required even for pulling images from private registry

Hi Jared, can you post your Deployment config? 2017-10-19 2:37 GMT+02:00 Yu Wei : > Image and pods are in the same project. > > Jared > Interested in cloud computing,big data processing,linux > > 2017年10月19日 上午4:39于 Joel Pearson 写道： > Is the

service account for rest api

Hello i am trying to create a sa for accessing rest api with token .. i have followed the doc steps creating the account, applying admin role to that account and getting the token trying to access replicacioncontroller info with bearer in curl, i can auth into but i get i have no permission

DNS resolving problem - in pod

Dear all :) I have following problem: [image: Obraz w treści 1] Frequently I have to restart origin-node to solve this issue, but I can't find the root cause of it. Does anybody has got any idea ? Where to start looking ? In addition , this problem is affecting different cluster nodes -

Re: service account for rest api

Hello I tried with view and cluster-admin too. No luck Guess is the curl issue Ty! > El 19 oct 2017, a las 21:40, Luke Meyer escribió: > > > >> On Thu, Oct 19, 2017 at 10:58 AM, Julio Saura wrote: >> yes ofc >> >> oc create serviceaccount icinga -n

Re: service account for rest api

On Thu, Oct 19, 2017 at 10:58 AM, Julio Saura wrote: > yes ofc > > oc create serviceaccount icinga -n project1 > > oadm policy add-cluster-role-to-user admin system:serviceaccounts: > project1:icinga > There is no cluster role "admin" (... by default anyway, you could of

Re: authentication required even for pulling images from private registry

I fixed the problem by changing setting in registry console. For my project, change the permissions to "Project access policy allows anonymous users to pull images. Grant additional push or admin access to specific members below." Thanks, Jared, (韦煜） Software developer Interested in open

Re: DNS resolving problem - in pod

I had that happen quite a bit within containers based on alpine linux Cam On Thu, 19 Oct 2017 at 23:49 Łukasz Strzelec wrote: > Dear all :) > > I have following problem: > > [image: Obraz w treści 1] > > > Frequently I have to restart origin-node to solve this issue,

Re: DNS resolving problem - in pod

Alpine's musl libc only supports "search" starting from version 1.1.13. Check if this is your case. -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2017-10-19 10:58 GMT-02:00 Cameron Braid : > I had that

Re: service account for rest api

Hi Julio, Could you copy the commands you have used? Regards, Frédéric On 19 Oct 2017 11:43, "Julio Saura" wrote: > Hello > > i am trying to create a sa for accessing rest api with token .. > > i have followed the doc steps > > creating the account, applying admin role to

Re: service account for rest api

Hi Julio, the following works for me: # oc new-project project1 # oc create serviceaccount inciga -n project1 # oc policy add-role-to-user admin system:serviceaccounts:project1:inciga -n project1 # curl -k -H "Authorization: Bearer $(oc sa get-token inciga -n project1)" -H "Content-Type:

Re: service account for rest api

yes ofc oc create serviceaccount icinga -n project1 oadm policy add-cluster-role-to-user admin system:serviceaccounts:project1:icinga oadm policy reconcile-cluster-roles —confirm and then dump the token oc serviceaccounts get-token icing ty frederic! i do login with curl but i get {

Re: authentication required even for pulling images from private registry

Hello:) I had the same issue. In our ENV we are obligated to use proxy server. Thus we put to inventory statements regarding proxy. We forgot to add registry to "noproxy" line. The result was exactly as you pointed. I hope this may help you or at least guide to diffrent solution. Best regards

Re: service account for rest api

typo yes sorry > curl -k -H "Authorization: Bearer $(oc sa get-token inciga -n project1)" -H > "Content-Type: application/json" > https://MASTER_BALANCER_IP:8443/api/v1/namespaces/project1/replicationcontrollers > >

Re: service account for rest api

You can try the following: oc get rc -n project1 --as=system:serviceaccounts:project1:inciga On 19 Oct 2017 17:51, "Julio Saura" wrote: > typo yes sorry > > curl -k -H "Authorization: Bearer $(oc sa get-token inciga -n project1)" > -H "Content-Type: application/json"

Re: service account for rest api

Julio, Depending on your version of curl, you may be hitting this: https://bugzilla.redhat.com/show_bug.cgi?id=1260178 [https://bugzilla.redhat.com/show_bug.cgi?id=1260178] On Thu, Oct 19, 2017 at 12:11 PM, Julio Saura wrote: umm that works … weird Julio Saura Alejandre

Re: service account for rest api

umm that works … weird Julio Saura Alejandre Responsable Servicios Gestionados hiberus TRAVEL Tel.: + 34 902 87 73 92 Ext. 659 Parque Empresarial PLAZA Edificio EXPOINNOVACIÓN C/. Bari 25 Duplicado, Escalera 1, Planta 2ª. 50197 Zaragoza www.hiberus.com Crecemos contigo

Re: service account for rest api

Very good. The issue is with your curl. Next step run the same command with --loglevel=8 and check the queries that are sent to the API server. Regards, Frédéric On 19 Oct 2017 18:11, "Julio Saura" wrote: > umm that works … > > weird > > *Julio Saura Alejandre* >

Re: service account for rest api

Yikes !! I will check tomorrow Ty! > El 19 oct 2017, a las 18:16, Cesar Wong escribió: > > > Julio, > > Depending on your version of curl, you may be hitting this: > https://bugzilla.redhat.com/show_bug.cgi?id=1260178 > > On Thu, Oct 19, 2017 at 12:11 PM, Julio Saura