Thanks for the quick response. We were attempting a lookup, but will pursuit the mount option.
Cheers On 30 June 2016 at 01:11, Luke Meyer <[email protected]> wrote: > former, latter... they're just words right? yeah. > > On Wed, Jun 29, 2016 at 11:08 AM, Jordan Liggitt <[email protected]> > wrote: > >> Other way around... mounting a config map doesn't require the service >> account to have special permissions. Reading a configmap via an API call >> from within a pod does. >> >> On Wed, Jun 29, 2016 at 10:58 AM, Luke Meyer <[email protected]> wrote: >> >>> Are you trying to mount the configmap or read from it? The latter does >>> not require any extra role for the pod service account. >>> >>> On Wed, Jun 29, 2016 at 8:46 AM, Lewis Shobbrook < >>> [email protected]> wrote: >>> >>>> Hi Guys, >>>> Having some trouble with configmaps with our pods. >>>> >>>> In the pods logs we see the following... >>>> >>>> 2016-06-28 02:45:55.055 [INFO] [0000-main] >>>> [au.com.consealed.service.interfac.config.SpringConfig] >>>> ConfigMapConfigProperties: ppe >>>> 2016-06-28 02:46:46.046 [WARN] [0000-main] >>>> [io.fabric8.spring.cloud.kubernetes.config.ConfigMapPropertySource] >>>> Can't read configMap with name: [ppe] in namespace:[dev]. Ignoring >>>> io.fabric8.kubernetes.client.KubernetesClientException: Failure >>>> executing: GET at: >>>> https://kubernetes.default.svc/api/v1/namespaces/dev/configmaps/ppe. >>>> Message: Forbidden!Configured service account doesn't have access. Service >>>> account may have been revoked. >>>> >>>> From oc rsh ... >>>> >>>> sh-4.2$ curl -k -H "Authorization: oAuth XXX" >>>> https://kubernetes.default.svc/api/v1/namespaces/dev/configmap >>>> { >>>> "kind": "Status", >>>> "apiVersion": "v1", >>>> "metadata": {}, >>>> "status": "Failure", >>>> "message": "User \"system:anonymous\" cannot get configmaps in project >>>> \"dev\"", >>>> "reason": "Forbidden", >>>> "details": { >>>> "name": "ppe", >>>> "kind": "configmaps" >>>> }, >>>> "code": 403 >>>> } >>>> >>>> I'm pretty green with this, but what do I need to do to provide a pod >>>> within the the same namespace the correct access to the configmap? >>>> I can see secrets are mounted correctly within /run/secrets/ >>>> kubernetes.io/serviceaccount/ within the pod >>>> >>>> oc version >>>> oc v1.2.0-rc1 >>>> kubernetes v1.2.0-36-g4a3f9c5 >>>> >>>> Cheers >>>> >>>> Lew >>>> >>>> >>>> _______________________________________________ >>>> users mailing list >>>> [email protected] >>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>>> >>>> >>> >>> _______________________________________________ >>> users mailing list >>> [email protected] >>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>> >>> >> >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
