What service account is the ipfa-pod using, and can you verify that the SCC correctly points to it?
On Mon, Feb 15, 2016 at 8:53 AM, Fran Barrera <[email protected]> wrote: > If I try "oc rsh ipfa-pod" this is the output: > > Error from server: pods "ipfa-ha-router-1-2e2t7" is forbidden: unable to > validate against any security context constraint: [provider restricted: > .spec.securityContext.hostNetwork: invalid value 'true', Details: Host > network is not allowed to be used provider restricted: > .spec.containers[0].securityContext.privileged: invalid value 'true', > Details: Privileged containers are not allowed provider restricted: > .spec.containers[0].securityContext.VolumeMounts: invalid value > 'lib-modules', Details: Host Volumes are not allowed to be used provider > restricted: .spec.containers[0].securityContext.containers.0.hostPort: > invalid value '1985', Details: Host ports are not allowed to be used] > > I've created the ip failover with the same scc that the router. > > > > 2016-02-15 13:54 GMT+01:00 Fran Barrera <[email protected]>: >> >> Hello, >> >> I've a problem to deploy router in HA. I've following the steps >> (https://docs.openshift.org/latest/admin_guide/high_availability.html). >> >> Everything was correct. I can see the VIP that I've assigned in the Node: >> >> [root@openshift-master1 ~]# ip addr show >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state >> UP qlen 1000 >> inet 192.168.0.77/16 brd 192.168.255.255 scope global dynamic eth0 >> valid_lft 80140sec preferred_lft 80140sec >> inet 10.14.128.155/32 scope global eth0 >> valid_lft forever preferred_lft forever >> >> From this Node I can ping correctly, but from other node or other PC I >> can't access to this VIP, so I can't put his VIP in the DNS. >> >> It's like that the problem is Iptables of this node, but I'm not sure, so >> I don't know what is happening. >> >> Any suggestions? >> >> Best Regards, >> Fran. > > > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > _______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
