For deploymentconfigs/replicationcontrollers, you *have* to authorize the
service account... your original user isn't around any more, so the service
account is all the API has to go on to allow the pod to use host volumes.

On Mon, Feb 15, 2016 at 10:26 AM, David Strejc <[email protected]>
wrote:

> Any idea anybody?
>
> David Strejc
> t: +420734270131
> e: [email protected]
>
> On Mon, Feb 15, 2016 at 7:53 AM, David Strejc <[email protected]>
> wrote:
>
>> I am still getting the same message.
>>
>> I don't want to use a service account - I am using the account "david",
>> which has been added to the privileged scc previously.
>> I've also given the hostaccess policy to this account.
>>
>> I need to start my pods with mounted socket from Node. It works when I
>> create Pod from pod definition pod.yaml:
>>
>> apiVersion: v1
>> kind: Pod
>> metadata:
>>   name: david
>>   labels:
>>     name: david
>> spec:
>>   containers:
>>   #- image: davidstrejc/test2
>>   - image: davidstrejc/test2
>>     name: david
>>     volumeMounts:
>>     - mountPath: /var/lib/mysql/mysql.sock
>>       name: test-volume
>>     ports:
>>     - containerPort: 80
>>   volumes:
>>   - name: test-volume
>>     hostPath:
>>       path: /var/lib/mysql/mysql.sock
>>   selector:
>>     name: david
>>
>>
>> But when I use a template with the same account, it fails with the message I wrote.
>>
>> David Strejc
>> t: +420734270131
>> e: [email protected]
>>
>> On Fri, Feb 12, 2016 at 3:35 PM, Clayton Coleman <[email protected]>
>> wrote:
>>
>>>
>>> https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#security-context-constraints
>>>
>>> Your service account isn't authorized to mount host paths - you want to
>>> add the service account "default" in project to the hostaccess SCC
>>>
>>>     oadm policy add-scc-to-user hostaccess -z default
>>>
>>> That allows your pod to mount host volumes.
>>>
>>> On Feb 12, 2016, at 8:38 AM, David Strejc <[email protected]>
>>> wrote:
>>>
>>> Dear all,
>>>
>>> I got the following error when I try to start an application from a template:
>>>
>>> Error creating: Pod "cakephp-example-1-" is forbidden: unable to
>>> validate against any security context constraint:
>>> [spec.containers[0].securityContext.volumeMounts: invalid value
>>> 'test-volume', Details: Host Volumes are not allowed to be used] (9 times
>>> in the last 2 minutes, 52 seconds)
>>>
>>> I've added:
>>>
>>>   securityContext:
>>>           privileged: true
>>>
>>> into template DeploymentConfig definition and user who is creating app
>>> from template is in privileged scc group.
>>>
>>> What am I doing wrong?
>>>
>>> David Strejc
>>> t: +420734270131
>>> e: [email protected]
>>>
>>> _______________________________________________
>>> users mailing list
>>> [email protected]
>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>>
>>>
>>
>
>
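
The point made at the top of this thread, that pods created by a DeploymentConfig are checked against the pod's service account and not the user who processed the template, as an added example that is not part of the original messages. It narrows the `hostaccess` grant to one dedicated service account instead of `default`; the service account name `hostsock-sa` and the DeploymentConfig layout are assumptions, while the image, socket path and `cakephp-example` name are taken from the thread.

```yaml
# Added example (constructed), not from the original thread.
# Grant the SCC to this one service account only (cluster admin, inside the project):
#   oadm policy add-scc-to-user hostaccess -z hostsock-sa
# Pods that keep using the "default" service account stay unable to mount host paths.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: hostsock-sa              # hypothetical name
---
apiVersion: v1
kind: DeploymentConfig
metadata:
  name: cakephp-example
spec:
  replicas: 1
  selector:
    name: cakephp-example
  triggers:
  - type: ConfigChange
  template:
    metadata:
      labels:
        name: cakephp-example
    spec:
      # SCC admission for the replication controller's pods is evaluated
      # against this account, so it must be the one holding hostaccess.
      serviceAccountName: hostsock-sa
      containers:
      - name: cakephp-example
        image: davidstrejc/test2
        ports:
        - containerPort: 80
        volumeMounts:
        - mountPath: /var/lib/mysql/mysql.sock
          name: test-volume
      volumes:
      - name: test-volume
        hostPath:
          path: /var/lib/mysql/mysql.sock
```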