Hello Clayton,

The service account is router (I've tried to create a new service account for ipfailover but got the same error). Yes, the SCC is privileged; if I edit this I can see the service account:

- system:serviceaccount:default:router

Regards.

2016-02-15 16:13 GMT+01:00 Clayton Coleman <[email protected]>:

> What service account is the ipfa-pod using, and can you verify that
> the SCC correctly points to it?
>
> On Mon, Feb 15, 2016 at 8:53 AM, Fran Barrera <[email protected]>
> wrote:
> > If I try "oc rsh ipfa-pod" this is the output:
> >
> > Error from server: pods "ipfa-ha-router-1-2e2t7" is forbidden: unable to
> > validate against any security context constraint: [provider restricted:
> > .spec.securityContext.hostNetwork: invalid value 'true', Details: Host
> > network is not allowed to be used provider restricted:
> > .spec.containers[0].securityContext.privileged: invalid value 'true',
> > Details: Privileged containers are not allowed provider restricted:
> > .spec.containers[0].securityContext.VolumeMounts: invalid value
> > 'lib-modules', Details: Host Volumes are not allowed to be used provider
> > restricted: .spec.containers[0].securityContext.containers.0.hostPort:
> > invalid value '1985', Details: Host ports are not allowed to be used]
> >
> > I've created the ip failover with the same SCC as the router.
> >
> > 2016-02-15 13:54 GMT+01:00 Fran Barrera <[email protected]>:
> >>
> >> Hello,
> >>
> >> I have a problem deploying the router in HA. I've followed the steps
> >> (https://docs.openshift.org/latest/admin_guide/high_availability.html).
> >>
> >> Everything was correct. I can see the VIP that I've assigned in the Node:
> >>
> >> [root@openshift-master1 ~]# ip addr show
> >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
> >>     inet 192.168.0.77/16 brd 192.168.255.255 scope global dynamic eth0
> >>        valid_lft 80140sec preferred_lft 80140sec
> >>     inet 10.14.128.155/32 scope global eth0
> >>        valid_lft forever preferred_lft forever
> >>
> >> From this Node I can ping correctly, but from another node or another PC I
> >> can't access this VIP, so I can't put this VIP in the DNS.
> >>
> >> It looks like the problem is the iptables of this node, but I'm not sure, so
> >> I don't know what is happening.
> >>
> >> Any suggestions?
> >>
> >> Best Regards,
> >> Fran.
> >
> > _______________________________________________
> > users mailing list
> > [email protected]
> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users
