Any idea anybody? David Strejc t: +420734270131 e: [email protected]
On Mon, Feb 15, 2016 at 7:53 AM, David Strejc <[email protected]> wrote: > I am still gettting same message. > > I don't want to use service account - I am using account "david" which has > been added to privileged scc previously. > I've also gave policy hostaccess to this account. > > I need to start my pods with mounted socket from Node. It works when I > create Pod from pod definition pod.yaml: > > apiVersion: v1 > kind: Pod > metadata: > name: david > labels: > name: david > spec: > containers: > #- image: davidstrejc/test2 > - image: davidstrejc/test2 > name: david > volumeMounts: > - mountPath: /var/lib/mysql/mysql.sock > name: test-volume > ports: > - containerPort: 80 > volumes: > - name: test-volume > hostPath: > path: /var/lib/mysql/mysql.sock > selector: > name: david > > > But when I use template with same account it fails with message I wrote. > > David Strejc > t: +420734270131 > e: [email protected] > > On Fri, Feb 12, 2016 at 3:35 PM, Clayton Coleman <[email protected]> > wrote: > >> >> https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#security-context-constraints >> >> Your service account isn't authorized to mount host paths - you want to >> add the service account "default" in project to the hostaccess SCC >> >> oadm policy add-scc-to-user hostaccess -z default >> >> That allows your pod to mount host volumes. >> >> On Feb 12, 2016, at 8:38 AM, David Strejc <[email protected]> wrote: >> >> Dear all, >> >> I got following error when I try to start application from template: >> >> Error creating: Pod "cakephp-example-1-" is forbidden: unable to validate >> against any security context constraint: >> [spec.containers[0].securityContext.volumeMounts: invalid value >> 'test-volume', Details: Host Volumes are not allowed to be used] (9 times >> in the last 2 minutes, 52 seconds) >> >> I've added: >> >> securityContext: >> privileged: true >> >> into template DeploymentConfig definition and user who is creating app >> from template is in privileged scc group. >> >> What am I doing wrong? >> >> David Strejc >> t: +420734270131 >> e: [email protected] >> >> _______________________________________________ >> users mailing list >> [email protected] >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> >> >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
