You need to grant the pod's service account a role within the project (like `oc policy add-role-to-user view -n dev -z myserviceaccount`)
On Wed, Jun 29, 2016 at 8:46 AM, Lewis Shobbrook < [email protected]> wrote: > Hi Guys, > Having some trouble with configmaps with our pods. > > In the pods logs we see the following... > > 2016-06-28 02:45:55.055 [INFO] [0000-main] > [au.com.consealed.service.interfac.config.SpringConfig] > ConfigMapConfigProperties: ppe > 2016-06-28 02:46:46.046 [WARN] [0000-main] > [io.fabric8.spring.cloud.kubernetes.config.ConfigMapPropertySource] > Can't read configMap with name: [ppe] in namespace:[dev]. Ignoring > io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: > GET at: > https://kubernetes.default.svc/api/v1/namespaces/dev/configmaps/ppe. > Message: Forbidden!Configured service account doesn't have access. Service > account may have been revoked. > > From oc rsh ... > > sh-4.2$ curl -k -H "Authorization: oAuth XXX" > https://kubernetes.default.svc/api/v1/namespaces/dev/configmap > { > "kind": "Status", > "apiVersion": "v1", > "metadata": {}, > "status": "Failure", > "message": "User \"system:anonymous\" cannot get configmaps in project > \"dev\"", > "reason": "Forbidden", > "details": { > "name": "ppe", > "kind": "configmaps" > }, > "code": 403 > } > > I'm pretty green with this, but what do I need to do to provide a pod > within the the same namespace the correct access to the configmap? > I can see secrets are mounted correctly within /run/secrets/ > kubernetes.io/serviceaccount/ within the pod > > oc version > oc v1.2.0-rc1 > kubernetes v1.2.0-36-g4a3f9c5 > > Cheers > > Lew > > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
