Re: Cannot start pod from template

Sun, 14 Feb 2016 22:56:58 -0800 

I am still gettting same message.

I don't want to use service account - I am using account "david" which has
been added to privileged scc previously.
I've also gave policy hostaccess to this account.

I need to start my pods with mounted socket from Node. It works when I
create Pod from pod definition pod.yaml:

apiVersion: v1
kind: Pod
metadata:
  name: david
  labels:
    name: david
spec:
  containers:
  #- image: davidstrejc/test2
  - image: davidstrejc/test2
    name: david
    volumeMounts:
    - mountPath: /var/lib/mysql/mysql.sock
      name: test-volume
    ports:
    - containerPort: 80
  volumes:
  - name: test-volume
    hostPath:
      path: /var/lib/mysql/mysql.sock
  selector:
    name: david


But when I use template with same account it fails with message I wrote.

David Strejc
t: +420734270131
e: [email protected]

On Fri, Feb 12, 2016 at 3:35 PM, Clayton Coleman <[email protected]>
wrote:

>
> https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#security-context-constraints
>
> Your service account isn't authorized to mount host paths - you want to
> add the service account "default" in project to the hostaccess SCC
>
>     oadm policy add-scc-to-user hostaccess -z default
>
> That allows your pod to mount host volumes.
>
> On Feb 12, 2016, at 8:38 AM, David Strejc <[email protected]> wrote:
>
> Dear all,
>
> I got following error when I try to start application from template:
>
> Error creating: Pod "cakephp-example-1-" is forbidden: unable to validate
> against any security context constraint:
> [spec.containers[0].securityContext.volumeMounts: invalid value
> 'test-volume', Details: Host Volumes are not allowed to be used] (9 times
> in the last 2 minutes, 52 seconds)
>
> I've added:
>
>   securityContext:
>           privileged: true
>
> into template DeploymentConfig definition and user who is creating app
> from template is in privileged scc group.
>
> What am I doing wrong?
>
> David Strejc
> t: +420734270131
> e: [email protected]
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>

_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Reply via email to