Hi Gaurav,

You need to set privileged security context for deploymentConfig and
Project/Namespace:

# oc adm policy add-scc-to-user privileged -z <serviceaccount_name>

# oc patch dc <deploymentConfig> -p
'{"spec":{"template":{"spec":{"containers":[{"name":"router","securityContext":{"privileged":true}}]}}}}'


... and/or set the hostmount-anyuid context for the Project/Namespace:

# oc adm policy add-scc-to-user hostmount-anyuid -z default



https://docs.openshift.com/container-platform/3.7/admin_guide/manage_scc.html#grant-access-to-the-privileged-scc


Regards,


Rodrigo Bersa

Cloud Consultant, RHCVA, RHCE

Red Hat Brasil <https://www.redhat.com>

rbe...@redhat.com    M: +55-11-99557-5841
<https://red.ht/sig>
TRIED. TESTED. TRUSTED. <https://redhat.com/trusted>
Red Hat é reconhecida entre as melhores empresas para trabalhar no Brasil
pelo *Great Place to Work*.

On Wed, Mar 7, 2018 at 11:45 AM, Fernando Lozano <floz...@redhat.com> wrote:

> Hi Gaurav,
>
> We usually don't change a pod directly -- we change the deployment
> configuration (dc) that creates and manages the pod. Changing the dc
> automatically destroys existing pods and creates new ones, using the
> updated configuration.
>
> []s, Fernando Lozano
>
>
> On Wed, Mar 7, 2018 at 10:42 AM, Vyacheslav Semushin <vsemu...@redhat.com>
> wrote:
>
>> 2018-03-07 4:00 GMT+01:00 Gaurav Ojha <gauravo...@gmail.com>:
>>
>>> Hi,
>>>
>>> I would like some help from you guys if possible.
>>>
>>> I am trying to mount a directory on my host machine to my OpenShift
>>> instance.
>>>
>>> As per the kubernetes document here
>>> <https://kubernetes.io/docs/concepts/storage/volumes/#hostpath> , it
>>> mentions that changing the pod spec by simply adding the hostPath volume
>>> should work, however, when I do that,  OpenShift throws an error whereby it
>>> says that I am not permitted to modify other than a few handful.
>>>
>>
>> If you provide also error message, we'll be able to provide a better
>> solution for you.
>>
>> As far I remember Kubernetes doesn't allow to _modify_ all the pod fields
>> but only subset of them. Have you tried to _create_ a pod instead of
>> editing it?
>>
>> Is there any way to get this permission? I already have added set the
>>> allowHostDirVolumePlugin to true and my containers run as root.
>>>
>>
>> So, you've already seen this https://docs.openshift.org/1.2
>> /admin_guide/manage_scc.html#use-the-hostpath-volume-plugin ?
>>
>>
>> --
>> Slava Semushin | OpenShift
>>
>> _______________________________________________
>> users mailing list
>> users@lists.openshift.redhat.com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>>
>
> _______________________________________________
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Reply via email to