Other way around... mounting a config map doesn't require the service account to have special permissions. Reading a configmap via an API call from within a pod does.
On Wed, Jun 29, 2016 at 10:58 AM, Luke Meyer <[email protected]> wrote: > Are you trying to mount the configmap or read from it? The latter does not > require any extra role for the pod service account. > > On Wed, Jun 29, 2016 at 8:46 AM, Lewis Shobbrook < > [email protected]> wrote: > >> Hi Guys, >> Having some trouble with configmaps with our pods. >> >> In the pods logs we see the following... >> >> 2016-06-28 02:45:55.055 [INFO] [0000-main] >> [au.com.consealed.service.interfac.config.SpringConfig] >> ConfigMapConfigProperties: ppe >> 2016-06-28 02:46:46.046 [WARN] [0000-main] >> [io.fabric8.spring.cloud.kubernetes.config.ConfigMapPropertySource] >> Can't read configMap with name: [ppe] in namespace:[dev]. Ignoring >> io.fabric8.kubernetes.client.KubernetesClientException: Failure >> executing: GET at: >> https://kubernetes.default.svc/api/v1/namespaces/dev/configmaps/ppe. >> Message: Forbidden!Configured service account doesn't have access. Service >> account may have been revoked. >> >> From oc rsh ... >> >> sh-4.2$ curl -k -H "Authorization: oAuth XXX" >> https://kubernetes.default.svc/api/v1/namespaces/dev/configmap >> { >> "kind": "Status", >> "apiVersion": "v1", >> "metadata": {}, >> "status": "Failure", >> "message": "User \"system:anonymous\" cannot get configmaps in project >> \"dev\"", >> "reason": "Forbidden", >> "details": { >> "name": "ppe", >> "kind": "configmaps" >> }, >> "code": 403 >> } >> >> I'm pretty green with this, but what do I need to do to provide a pod >> within the the same namespace the correct access to the configmap? >> I can see secrets are mounted correctly within /run/secrets/ >> kubernetes.io/serviceaccount/ within the pod >> >> oc version >> oc v1.2.0-rc1 >> kubernetes v1.2.0-36-g4a3f9c5 >> >> Cheers >> >> Lew >> >> >> _______________________________________________ >> users mailing list >> [email protected] >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> >> > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
