Is it possible to add "default" service account this scc for every project - I mean those I will create in future.
Now I need to add this scc for project I've created ex post. David Strejc t: +420734270131 e: [email protected] On Mon, Feb 15, 2016 at 4:44 PM, David Strejc <[email protected]> wrote: > Many thanks I will do that. > > David Strejc > t: +420734270131 > e: [email protected] > > On Mon, Feb 15, 2016 at 4:35 PM, Jordan Liggitt <[email protected]> > wrote: > >> For deploymentconfigs/replicationcontrollers, you *have* to authorize the >> service account... your original user isn't around any more, so the service >> account is all the API has to go on to allow the pod to use host volumes. >> >> On Mon, Feb 15, 2016 at 10:26 AM, David Strejc <[email protected]> >> wrote: >> >>> Any idea anybody? >>> >>> David Strejc >>> t: +420734270131 >>> e: [email protected] >>> >>> On Mon, Feb 15, 2016 at 7:53 AM, David Strejc <[email protected]> >>> wrote: >>> >>>> I am still gettting same message. >>>> >>>> I don't want to use service account - I am using account "david" which >>>> has been added to privileged scc previously. >>>> I've also gave policy hostaccess to this account. >>>> >>>> I need to start my pods with mounted socket from Node. It works when I >>>> create Pod from pod definition pod.yaml: >>>> >>>> apiVersion: v1 >>>> kind: Pod >>>> metadata: >>>> name: david >>>> labels: >>>> name: david >>>> spec: >>>> containers: >>>> #- image: davidstrejc/test2 >>>> - image: davidstrejc/test2 >>>> name: david >>>> volumeMounts: >>>> - mountPath: /var/lib/mysql/mysql.sock >>>> name: test-volume >>>> ports: >>>> - containerPort: 80 >>>> volumes: >>>> - name: test-volume >>>> hostPath: >>>> path: /var/lib/mysql/mysql.sock >>>> selector: >>>> name: david >>>> >>>> >>>> But when I use template with same account it fails with message I wrote. >>>> >>>> David Strejc >>>> t: +420734270131 >>>> e: [email protected] >>>> >>>> On Fri, Feb 12, 2016 at 3:35 PM, Clayton Coleman <[email protected]> >>>> wrote: >>>> >>>>> >>>>> https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#security-context-constraints >>>>> >>>>> Your service account isn't authorized to mount host paths - you want >>>>> to add the service account "default" in project to the hostaccess SCC >>>>> >>>>> oadm policy add-scc-to-user hostaccess -z default >>>>> >>>>> That allows your pod to mount host volumes. >>>>> >>>>> On Feb 12, 2016, at 8:38 AM, David Strejc <[email protected]> >>>>> wrote: >>>>> >>>>> Dear all, >>>>> >>>>> I got following error when I try to start application from template: >>>>> >>>>> Error creating: Pod "cakephp-example-1-" is forbidden: unable to >>>>> validate against any security context constraint: >>>>> [spec.containers[0].securityContext.volumeMounts: invalid value >>>>> 'test-volume', Details: Host Volumes are not allowed to be used] (9 times >>>>> in the last 2 minutes, 52 seconds) >>>>> >>>>> I've added: >>>>> >>>>> securityContext: >>>>> privileged: true >>>>> >>>>> into template DeploymentConfig definition and user who is creating app >>>>> from template is in privileged scc group. >>>>> >>>>> What am I doing wrong? >>>>> >>>>> David Strejc >>>>> t: +420734270131 >>>>> e: [email protected] >>>>> >>>>> _______________________________________________ >>>>> users mailing list >>>>> [email protected] >>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>>>> >>>>> >>>> >>> >>> _______________________________________________ >>> users mailing list >>> [email protected] >>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>> >>> >> >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
