Thanks all. What was mentioned by Graham was the issue; I was not in the correct project.

On Thu, Jul 27, 2017 at 5:46 AM, Graham Dumpleton <[email protected]> wrote:

> What is documented in that blog does work.
>
> Instead of:
>
> oc adm policy add-scc-to-user anyuid system:serviceaccount:mysvcacct
>
> use:
>
> oc adm policy add-scc-to-user anyuid -z mysvcacct
>
> as the blog explains, and make sure you are in the correct project in case
> when you switched to admin you weren't, or add '-n yourprojectname' option
> to commands.
>
> The form of what you ran is:
>
> oc adm policy add-scc-to-user <scc_name> \
>     system:serviceaccount:<serviceaccount_namespace>:<serviceaccount_name>
>
> If you only have three parts to colon separated argument, it is interpreted
> as:
>
> oc adm policy add-scc-to-group <scc_name> \
>     system:serviceaccounts:<serviceaccount_namespace>
>
> So you aren't strictly adding it to just the service account, but to all
> service accounts in namespace. That should have yielded same result, but
> maybe not and definitely probably not what you wanted, especially if you
> ran it in the wrong project.
>
> Graham
>
> On 27 Jul 2017, at 4:49 AM, Isuru Haththotuwa <[email protected]> wrote:
>
> Hi all,
>
> I'm trying to allow Docker containers to be run in openshift using the
> user specified in the Dockerfile itself, without using a random user id. I
> see that it's possible to do this using the command [1], where all
> authenticated users will be added to the anyuid group. Without doing this
> for all users, can I do it for one specific user? I tried the following:
>
> 1. Create a service account in default project using command [2]
> 2. Add the service account to the anyuid scc using command [3]
> 3. Referred this service account name in the Deployment definition as
>    shown in the sample [4]
>
> However, still the container seems to start with a random user id. Is this
> approach incorrect? What is the link between service account and the user
> we set in the Docker images (with USER keyword)?
>
> [1]. oc adm policy add-scc-to-group anyuid system:authenticated
>
> [2]. oc create serviceaccount mysvcacct
>
> [3]. oc adm policy add-scc-to-user anyuid system:serviceaccount:mysvcacct
>
> [4]. https://blog.openshift.com/understanding-service-accounts-sccs/
>
> --
> Thanks and Regards,
> Isuru
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users

--
Thanks and Regards,
Isuru
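The grant in this thread only reaches the intended account when the subject names both the namespace and the service account. As an added example (not from the thread or from the OpenShift project), this pre-flight check rejects the three-part subject and prints the equivalent `-z`/`-n` command without running it; the function names are hypothetical and the sample subjects are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Parse system:serviceaccount:<namespace>:<name> and print "<namespace> <name>".
# Returns 1 for anything else, including the three-part form from the thread.
parse_sa_subject() {
    case $1 in
        system:serviceaccount:*) rest=${1#system:serviceaccount:} ;;
        *) echo "not a service account subject: $1" >&2; return 1 ;;
    esac
    case $rest in
        *:*:*) echo "too many ':' fields: $1" >&2; return 1 ;;
        *:*)   ns=${rest%%:*}; name=${rest#*:} ;;
        *)     echo "namespace missing, expected system:serviceaccount:<namespace>:<name>: $1" >&2
               return 1 ;;
    esac
    # Both fields must be non-empty, lowercase DNS-style names.
    for field in "$ns" "$name"; do
        case $field in
            ''|*[!a-z0-9.-]*) echo "bad field '$field' in: $1" >&2; return 1 ;;
        esac
    done
    printf '%s %s\n' "$ns" "$name"
}

# Print (do not run) the grant command scoped to exactly one service account.
anyuid_grant_cmd() {
    parsed=$(parse_sa_subject "$1") || return 1
    printf 'oc adm policy add-scc-to-user anyuid -z %s -n %s\n' \
        "${parsed#* }" "${parsed%% *}"
}

# Constructed sample inputs: the subject used in the thread, then the full form.
for s in system:serviceaccount:mysvcacct system:serviceaccount:default:mysvcacct; do
    anyuid_grant_cmd "$s" || echo "rejected: $s"
done
```

Passing `-n` explicitly removes the dependency on whichever project the current `oc` session happens to be in.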
