Many thanks I will do that. David Strejc t: +420734270131 e: [email protected]
On Mon, Feb 15, 2016 at 4:35 PM, Jordan Liggitt <[email protected]> wrote: > For deploymentconfigs/replicationcontrollers, you *have* to authorize the > service account... your original user isn't around any more, so the service > account is all the API has to go on to allow the pod to use host volumes. > > On Mon, Feb 15, 2016 at 10:26 AM, David Strejc <[email protected]> > wrote: > >> Any idea anybody? >> >> David Strejc >> t: +420734270131 >> e: [email protected] >> >> On Mon, Feb 15, 2016 at 7:53 AM, David Strejc <[email protected]> >> wrote: >> >>> I am still gettting same message. >>> >>> I don't want to use service account - I am using account "david" which >>> has been added to privileged scc previously. >>> I've also gave policy hostaccess to this account. >>> >>> I need to start my pods with mounted socket from Node. It works when I >>> create Pod from pod definition pod.yaml: >>> >>> apiVersion: v1 >>> kind: Pod >>> metadata: >>> name: david >>> labels: >>> name: david >>> spec: >>> containers: >>> #- image: davidstrejc/test2 >>> - image: davidstrejc/test2 >>> name: david >>> volumeMounts: >>> - mountPath: /var/lib/mysql/mysql.sock >>> name: test-volume >>> ports: >>> - containerPort: 80 >>> volumes: >>> - name: test-volume >>> hostPath: >>> path: /var/lib/mysql/mysql.sock >>> selector: >>> name: david >>> >>> >>> But when I use template with same account it fails with message I wrote. >>> >>> David Strejc >>> t: +420734270131 >>> e: [email protected] >>> >>> On Fri, Feb 12, 2016 at 3:35 PM, Clayton Coleman <[email protected]> >>> wrote: >>> >>>> >>>> https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#security-context-constraints >>>> >>>> Your service account isn't authorized to mount host paths - you want to >>>> add the service account "default" in project to the hostaccess SCC >>>> >>>> oadm policy add-scc-to-user hostaccess -z default >>>> >>>> That allows your pod to mount host volumes. >>>> >>>> On Feb 12, 2016, at 8:38 AM, David Strejc <[email protected]> >>>> wrote: >>>> >>>> Dear all, >>>> >>>> I got following error when I try to start application from template: >>>> >>>> Error creating: Pod "cakephp-example-1-" is forbidden: unable to >>>> validate against any security context constraint: >>>> [spec.containers[0].securityContext.volumeMounts: invalid value >>>> 'test-volume', Details: Host Volumes are not allowed to be used] (9 times >>>> in the last 2 minutes, 52 seconds) >>>> >>>> I've added: >>>> >>>> securityContext: >>>> privileged: true >>>> >>>> into template DeploymentConfig definition and user who is creating app >>>> from template is in privileged scc group. >>>> >>>> What am I doing wrong? >>>> >>>> David Strejc >>>> t: +420734270131 >>>> e: [email protected] >>>> >>>> _______________________________________________ >>>> users mailing list >>>> [email protected] >>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>>> >>>> >>> >> >> _______________________________________________ >> users mailing list >> [email protected] >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> >> >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
