On Fri, Dec 2, 2016 at 4:35 PM, Akshaya Khare <[email protected]> wrote:
> Hi again,
>
> I tried using the suggestions you guys gave but somehow it's still failing.
> On further analysis I understood that this is not actually the image which
> I created.
>
> Since I'm using source2image, the github source is being mapped on to my
> image which has root privileges.
> Now my image creates a build and then a new pod is spawned up using that
> build.
>
> Is there some other configuration within these steps which allows me to
> run the pod as a root user?
> Or these steps have nothing to do with the user issue I'm facing?
>

you can control the user the pod runs as by setting the pod's security context:
http://kubernetes.io/docs/api-reference/v1/definitions/#_v1_podsecuritycontext

but it would be better to try to understand why your image needs to run as root and change file/etc permissions so that it does not require that.

>
> Thanks,
> AK
>
> On Thu, Dec 1, 2016 at 6:31 PM, Srinivas Naga Kotaru (skotaru) <
> [email protected]> wrote:
>
>> I was thinking below are right steps as per my knowledge
>>
>> 1. Create a service account
>>
>> 2. Grant anyuid SCC to this service account
>>
>> 3. And add service account details to dc object
>>
>> I might be wrong but above steps in my mind. Even I would like to get
>> clarity on this topic what is the right approach to run a container using
>> anyuid privileges
>>
>> --
>>
>> *Srinivas Kotaru*
>>
>> *From: *<[email protected]> on behalf of Ben
>> Parees <[email protected]>
>> *Date: *Thursday, December 1, 2016 at 1:37 PM
>> *To: *Akshaya Khare <[email protected]>, Jordan Liggitt <
>> [email protected]>
>> *Cc: *users <[email protected]>
>> *Subject: *Re: oc new-app with root privileges
>>
>> On Thu, Dec 1, 2016 at 4:18 PM, Akshaya Khare <[email protected]>
>> wrote:
>>
>> Hi,
>>
>> I created my own image which can use s2i to use git urls for my internal
>> projects.
>>
>> The image has been created such that the systemd services will be
>> working, and in order to do that the image had to be created with root user.
>>
>> Now the container spawned from this image only works properly if I spawn it
>> with the below command:
>>
>> *docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -d my-image-name*
>>
>> The container works fine.
>>
>> Unfortunately, whenever I try to create the container from the openshift
>> ui, it creates the pod successfully but it doesn't have access to run it
>> since it doesn't run it as a root user.
>>
>> I tried to provide this command:
>>
>> *oadm policy add-scc-to-user anyuid -z project-name*
>>
>> But still the pod is created without the root user.
>>
>> Is there any way to run the pod with root user via both cli or ui?
>>
>> assuming your built image defaults to running as root, the adding anyuid
>> scc should be all you need to do for the image to run as that user, as far
>> as i know.
>>
>> --
>>
>> *Thanks & Regards,*
>>
>> *Akshaya Khare*
>>
>> *312-785-3508 <312-785-3508>*
>>
>> _______________________________________________
>> users mailing list
>> [email protected]
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>> --
>>
>> Ben Parees | OpenShift
>
> --
> *Thanks & Regards,*
> *Akshaya Khare*
> *312-785-3508 <312-785-3508>*
>

--
Ben Parees | OpenShift
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
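The three steps listed in the thread (service account, anyuid SCC, dc reference) combined with the pod security context from the reply, as an added example that is not part of the original messages. The names `rootsa`, `my-project` and `my-app` are assumed placeholders; `my-image-name` is the image name used in the thread.

```yaml
# Added illustration; rootsa, my-project and my-app are assumed names.
#
# Steps 1 and 2, run by a cluster admin. -z takes a service account
# name; the project is selected with -n. Using a dedicated account
# keeps anyuid off the project's default service account.
#   oc create serviceaccount rootsa -n my-project
#   oadm policy add-scc-to-user anyuid -z rootsa -n my-project
#
# Step 3: reference that service account from the dc pod template.
apiVersion: v1
kind: DeploymentConfig
metadata:
  name: my-app
  namespace: my-project
spec:
  replicas: 1
  selector:
    app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      # Pods are admitted against the SCCs granted to this account.
      serviceAccountName: rootsa
      # Pod-level security context: request UID 0 explicitly rather
      # than relying on the image default. Under the restricted SCC
      # this value is rejected; anyuid permits it.
      securityContext:
        runAsUser: 0
      containers:
      - name: my-app
        image: my-image-name
#
# Check which SCC admitted the running pod (pod name is a placeholder):
#   oc get pod <pod-name> -n my-project -o yaml | grep openshift.io/scc
```

If the annotation still shows `restricted`, the pod is not running under the service account that was granted anyuid.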
